General
-
Target
776d4c1e2d14874bc25dbed12c8e8be82a5633471c29bbc68d9d7143f5c0ce59
-
Size
2.3MB
-
Sample
240622-nkejmswdlf
-
MD5
017c0a979bfd684abb992b077fb9be3b
-
SHA1
d552d152a0c51956775c0ee0c207df1968cd3889
-
SHA256
776d4c1e2d14874bc25dbed12c8e8be82a5633471c29bbc68d9d7143f5c0ce59
-
SHA512
9d62cd5cf126060a5104fe619560cde8a870915a8f7e6f81ad57e8c0dee6b44ec064de374061fcbbf28eb4e2392f03620b8158398bbdf542ed9116dc4d897a49
-
SSDEEP
49152:es47TQyniY2gBotBhx14rvKZ+D+ORucTZAAKcn8c1DAsBaEsl5SRT5c:es4gntfx1AS4TTZZ29EsA+
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
776d4c1e2d14874bc25dbed12c8e8be82a5633471c29bbc68d9d7143f5c0ce59
-
Size
2.3MB
-
MD5
017c0a979bfd684abb992b077fb9be3b
-
SHA1
d552d152a0c51956775c0ee0c207df1968cd3889
-
SHA256
776d4c1e2d14874bc25dbed12c8e8be82a5633471c29bbc68d9d7143f5c0ce59
-
SHA512
9d62cd5cf126060a5104fe619560cde8a870915a8f7e6f81ad57e8c0dee6b44ec064de374061fcbbf28eb4e2392f03620b8158398bbdf542ed9116dc4d897a49
-
SSDEEP
49152:es47TQyniY2gBotBhx14rvKZ+D+ORucTZAAKcn8c1DAsBaEsl5SRT5c:es4gntfx1AS4TTZZ29EsA+
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-