General
-
Target
f11eae42301c56f361d83b55c273c1f7e974060fd9bb88acf50df4c7983e4d1b
-
Size
2.3MB
-
Sample
240622-nmvzeawemb
-
MD5
4dc48e39b8aee951568f344dcc295004
-
SHA1
8b0b43aea9c6d06ba0070c000e019a5cba218ff1
-
SHA256
f11eae42301c56f361d83b55c273c1f7e974060fd9bb88acf50df4c7983e4d1b
-
SHA512
0244526e193392698556f35cedaca4a60e19b84146b85eeeec450b78833ed63158dcaa4e1f9ee98e9598e5775834d061632ef100c218c93de8b84858633b9ce0
-
SSDEEP
49152:b5uKMp/amlAlNhTtmrrCIo/4oyo2o9KU8QJRkMz9C1qr4R7RZKZt3:b5u1t6bBmW/4oR2oTJJgoARZKf
Static task
static1
Behavioral task
behavioral1
Sample
f11eae42301c56f361d83b55c273c1f7e974060fd9bb88acf50df4c7983e4d1b.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
f11eae42301c56f361d83b55c273c1f7e974060fd9bb88acf50df4c7983e4d1b.exe
Resource
win11-20240419-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
f11eae42301c56f361d83b55c273c1f7e974060fd9bb88acf50df4c7983e4d1b
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-