General

  • Target

    e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3

  • Size

    2.4MB

  • Sample

    240621-szrvqswclg

  • MD5

    16db47f760a93a0ae25fed6ebb555d8b

  • SHA1

    e4ddf8ad625ba3f5f7d43bc1f8a60c0046ce2f38

  • SHA256

    e441c687e40ff2467ba193d11574e24a3d9685849dc4514803ec0744a5e891e3

  • SHA512

    4386ceac9e046e6c7a595a16bf4f85037db35d2705c8f5727afd4e688047f3418701cc8bc57d5063e085d47d59957cc269bd8badfe5501de38e22a5c6e2634ab

  • SSDEEP

    49152:qcAdEKTLiqQ4KupW4TaxQDd5jYZswPkT9g:qQKk0pW4cQ30+Zg

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables whose OEM ID is VBOX__, which Windows mirrors under HKLM\HARDWARE\ACPI; reading those keys is a common way to detect a VirtualBox-based sandbox.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops debug events from being delivered for that thread, a common anti-debugging technique.
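The signatures above describe what the sample does on the host; a responder usually wants the matching detection logic. The following is an added example written for this page, not part of the Triage report and not RisePro's own code. It tags those behaviours in a simplified API trace. The trace lines and the `pid|api|argument` format are constructed for the example; the registry paths are the ones the signatures refer to (VirtualBox's `VBOX__` ACPI tables, the `SystemBiosVersion`/`VideoBiosVersion` values, the `Software\Wine` key), `ThreadInformationClass` 0x11 is `ThreadHideFromDebugger`, and the socket is the C2 extracted above.

```python
import re
from collections import Counter

# Constructed, simplified API-trace lines in the style of a sandbox behaviour
# log; this is NOT real Triage output.  Format: "<pid>|<api>|<argument>".
SAMPLE_TRACE = r"""
1544|RegOpenKeyExW|HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
1544|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
1544|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
1544|RegOpenKeyExW|HKCU\Software\Wine
1544|NtSetInformationThread|ThreadInformationClass=0x11
1544|RegQueryValueExW|HKCU\Software\Microsoft\Windows\CurrentVersion\Run
1544|connect|77.91.77.66:58709
""".strip()

# Long hive names, as some loggers write them, mapped to the short form the rules use.
HIVE_ALIASES = {
    "HKEY_LOCAL_MACHINE": "HKLM",
    "HKEY_CURRENT_USER": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR",
    "HKEY_USERS": "HKU",
}

# (tag, api regex, argument regex).  Registry paths are the ones the report's
# signatures refer to; 0x11 (decimal 17) is ThreadHideFromDebugger; the socket
# is the C2 extracted from this sample.
RULES = [
    ("anti-vm:virtualbox-acpi", r"^Reg(Open|Query)",
     r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__"),
    ("anti-sandbox:bios-info", r"^Reg(Open|Query)",
     r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$"),
    ("anti-sandbox:wine", r"^Reg(Open|Query)",
     r"^HK(LM|CU)\\Software\\Wine(\\|$)"),
    ("anti-debug:hide-from-debugger", r"^NtSetInformationThread$",
     r"ThreadInformationClass=(0x11|17)\b"),
    ("c2:risepro", r"^connect$", r"^77\.91\.77\.66:58709$"),
]


def normalize_hive(path):
    """Rewrite a leading long hive name (HKEY_LOCAL_MACHINE\...) to its short form."""
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive) + sep + rest


def classify(api, arg):
    """Return the tags that fire for one API call (empty list if none)."""
    arg = normalize_hive(arg)
    return [tag for tag, api_re, arg_re in RULES
            if re.search(api_re, api, re.I) and re.search(arg_re, arg, re.I)]


def analyze(trace):
    """Map pid -> Counter of fired tags; malformed lines are skipped."""
    hits = {}
    for line in trace.splitlines():
        parts = line.strip().split("|", 2)
        if len(parts) != 3:
            continue
        pid, api, arg = int(parts[0]), parts[1], parts[2]
        for tag in classify(api, arg):
            hits.setdefault(pid, Counter())[tag] += 1
    return hits


def verdict(tags):
    """Combine tag families into a single triage verdict for one process."""
    families = {t.split(":")[0] for t in tags}
    evasion = families & {"anti-vm", "anti-sandbox", "anti-debug"}
    if "c2" in families and evasion:
        return "malicious: sandbox/debugger evasion plus known RisePro C2 contact"
    if "c2" in families:
        return "malicious: known RisePro C2 contact"
    if len(evasion) >= 2:
        return "suspicious: multiple evasion techniques"
    return "no match"


if __name__ == "__main__":
    for pid, tags in analyze(SAMPLE_TRACE).items():
        print(pid, dict(tags), "->", verdict(tags))
```

A lone read of `SystemBiosVersion` is common in legitimate installers, which is why the verdict requires either the C2 match or evasion checks from several families before escalating; to use this on a real trace, convert the log to the three-field form and replace `SAMPLE_TRACE`.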
