General
-
Target
a7e3966b2892952035c70ca580fdca681fa73468c35fcb2b811c0c94f8a9a361
-
Size
2.3MB
-
Sample
240621-swmfvaward
-
MD5
07b486361c8901248eb8113742dd9dcd
-
SHA1
8ee235b44755617fb53cc5e425ec50d88d0263d7
-
SHA256
a7e3966b2892952035c70ca580fdca681fa73468c35fcb2b811c0c94f8a9a361
-
SHA512
0eeba8dad97ad5ddb256874b8e78f9988a5e283a0e53f5f16588f98386f461de34b03552631fb494c33a520f0c7e9e45822cb4c620038478b496bc38ad4caf78
-
SSDEEP
49152:auPq42wBsKrqkL4OQTQoabtK0ukMpJssf9s+9o/DEvo63717wkPhgmKQTbs:YisKrR/QTQnbtKQMpJ/59obEvJRcuhT
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
a7e3966b2892952035c70ca580fdca681fa73468c35fcb2b811c0c94f8a9a361
-
Size
2.3MB
-
MD5
07b486361c8901248eb8113742dd9dcd
-
SHA1
8ee235b44755617fb53cc5e425ec50d88d0263d7
-
SHA256
a7e3966b2892952035c70ca580fdca681fa73468c35fcb2b811c0c94f8a9a361
-
SHA512
0eeba8dad97ad5ddb256874b8e78f9988a5e283a0e53f5f16588f98386f461de34b03552631fb494c33a520f0c7e9e45822cb4c620038478b496bc38ad4caf78
-
SSDEEP
49152:auPq42wBsKrqkL4OQTQoabtK0ukMpJssf9s+9o/DEvo63717wkPhgmKQTbs:YisKrR/QTQnbtKQMpJ/59obEvJRcuhT
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-