General

  • Target

    7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387

  • Size

    2.3MB

  • Sample

    240622-g9cb9avdqr

  • MD5

    e97f89c5aa755a43dee6c55eb5b18b8d

  • SHA1

    55429b4292bd4354b8540999fa9d8ee81bc8fa8c

  • SHA256

    7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387

  • SHA512

    228a18756be3ffa5511b48f4c31619bb15f7479888dc59aa4f243b94a875d88f7abb83217d67b6e2dbee0c38ae655ed3b129f24041fca85c1f75490a26a38fb6

  • SSDEEP

    24576:G0hzvKAMGTo24GpcF1Vs4l/UKHQ5CoOcq7Kk7AoQQIG6J8NJWBPl8bWe4nXtqtq3:GOm3iCTC2/U63yV26nkAFGTOJ/ySd

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387

    • Size

      2.3MB

    • MD5

      e97f89c5aa755a43dee6c55eb5b18b8d

    • SHA1

      55429b4292bd4354b8540999fa9d8ee81bc8fa8c

    • SHA256

      7ec4ac9b3dbddd7cf97b5f92e32aeace4e8824bfad8ed506a9fa93ed5cf4c387

    • SHA512

      228a18756be3ffa5511b48f4c31619bb15f7479888dc59aa4f243b94a875d88f7abb83217d67b6e2dbee0c38ae655ed3b129f24041fca85c1f75490a26a38fb6

    • SSDEEP

      24576:G0hzvKAMGTo24GpcF1Vs4l/UKHQ5CoOcq7Kk7AoQQIG6J8NJWBPl8bWe4nXtqtq3:GOm3iCTC2/U63yV26nkAFGTOJ/ySd

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks