General
-
Target
c182e296bb416d331f0fa1d19012ffc6ebebbc88d2bf4b1888adac478ebbfa56
-
Size
2.3MB
-
Sample
240622-3v6hfa1alh
-
MD5
c906ebc0b33907ccac87dcf5c7da118f
-
SHA1
3a1528d81cef5f62ea10c137413855aeca821d93
-
SHA256
c182e296bb416d331f0fa1d19012ffc6ebebbc88d2bf4b1888adac478ebbfa56
-
SHA512
5f2955df86be21f2d2a1433bd60566e1e5df71e251ead4b17e7f98095ea37a9edb76dc056a933a0a8b97e5e4b9f3c0c158f4d09be0ce8fafa94e75a8a86b24a3
-
SSDEEP
49152:FovsvHtwp2ln8LM5qE9kY6gaEeOxgeWUuhDcAoFuawYKEzIWl+xh:YsPtwprLM5q0kYQEeIWUoDcA1qKUIx
Static task
static1
Behavioral task
behavioral1
Sample
c182e296bb416d331f0fa1d19012ffc6ebebbc88d2bf4b1888adac478ebbfa56.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
c182e296bb416d331f0fa1d19012ffc6ebebbc88d2bf4b1888adac478ebbfa56.exe
Resource
win11-20240419-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
c182e296bb416d331f0fa1d19012ffc6ebebbc88d2bf4b1888adac478ebbfa56
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-