General
-
Target
e0fb32c5fbbcdcaabe0a3e5f0489271d156eb0a5029b1e6fa7c36da4087d12ad
-
Size
2.3MB
-
Sample
240621-p24ersthjr
-
MD5
a444d4b18ce9b87c7bf46f84a3a93d06
-
SHA1
49256a1cf2d2686d05494ee0fda9f18874ae477c
-
SHA256
e0fb32c5fbbcdcaabe0a3e5f0489271d156eb0a5029b1e6fa7c36da4087d12ad
-
SHA512
1a5fa764e60a37c5e7bdfcb76e1fd6d2ff7964f8c5bc4ddb84e16a973db059b17f0960249fb1ffc0488ba682ac285ce79d6b5dc6fb7344ee558f222b32525c91
-
SSDEEP
49152:elpuqZTYUI1vLBZFO1EgQYoFmCHxZX3tf6OED1:Gpcfh8xk3dy
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
e0fb32c5fbbcdcaabe0a3e5f0489271d156eb0a5029b1e6fa7c36da4087d12ad
-
Size
2.3MB
-
MD5
a444d4b18ce9b87c7bf46f84a3a93d06
-
SHA1
49256a1cf2d2686d05494ee0fda9f18874ae477c
-
SHA256
e0fb32c5fbbcdcaabe0a3e5f0489271d156eb0a5029b1e6fa7c36da4087d12ad
-
SHA512
1a5fa764e60a37c5e7bdfcb76e1fd6d2ff7964f8c5bc4ddb84e16a973db059b17f0960249fb1ffc0488ba682ac285ce79d6b5dc6fb7344ee558f222b32525c91
-
SSDEEP
49152:elpuqZTYUI1vLBZFO1EgQYoFmCHxZX3tf6OED1:Gpcfh8xk3dy
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-