General

  • Target

    73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced

  • Size

    2.4MB

  • Sample

    240622-fpsytstbql

  • MD5

    2eb3a55faf1758dcd3eb4444e2916f67

  • SHA1

    9d1183f8d2fcb431f13f2623e7c5576f44f802c3

  • SHA256

    73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced

  • SHA512

    5efd160d602f7b677c7fa4879081883572ddac9d8206f035e4d06c1337ca4dbc00d23e8abec116f39f58c3eb2f59eea848c7ab61e052279d75d81fe3f1aea544

  • SSDEEP

    49152:Yqys0andMZM/mHD2wlGTIL2DyOCAXcrVQKGCGkDwRdnd:As0adMZM/4D2wQs2DeRVcC/DM

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced

    • Size

      2.4MB

    • MD5

      2eb3a55faf1758dcd3eb4444e2916f67

    • SHA1

      9d1183f8d2fcb431f13f2623e7c5576f44f802c3

    • SHA256

      73add53c5cd676a937a974e094fca30813967a8b5f436a9c3a66cbfeede62ced

    • SHA512

      5efd160d602f7b677c7fa4879081883572ddac9d8206f035e4d06c1337ca4dbc00d23e8abec116f39f58c3eb2f59eea848c7ab61e052279d75d81fe3f1aea544

    • SSDEEP

      49152:Yqys0andMZM/mHD2wlGTIL2DyOCAXcrVQKGCGkDwRdnd:As0adMZM/4D2wQs2DeRVcC/DM

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks