General

  • Target

    38e830e8347e700cdddb4d739552863c339d93e830d0788175407458595c3576

  • Size

    2.4MB

  • Sample

    240621-nkkqna1glk

  • MD5

    87ab5ed09d5fa42485cb8c11cbf708f1

  • SHA1

    bddc4a4d445232eb01b286da022ccdd713bf82b4

  • SHA256

    38e830e8347e700cdddb4d739552863c339d93e830d0788175407458595c3576

  • SHA512

    1ba36784e487339fd201bcf87c613af21d8fb4c800d214613eeaa37b541542450c0bda8621edf1072906efc5506468bb8ca7cf2b241ebd57a3f43f1acfcecf34

  • SSDEEP

    49152:8PnnMvqZmyEkba4tfwmjABR3+atYh+zHOWQXeQG4PWqeH3DgQCJV:8PMOmNkbaifwjBJ+KfzHOW4eQTWx3DtU

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks