General

  • Target

    9b390e9a49125f3573909e7216e5f5f890c7632fccc55626781184209258b7ee

  • Size

    2.3MB

  • Sample

    240622-p4cptssgpj

  • MD5

    a4530430db039421a4bb5e097bdfc4c7

  • SHA1

    77f182be186f9b8169d59416980854ce12f135ee

  • SHA256

    9b390e9a49125f3573909e7216e5f5f890c7632fccc55626781184209258b7ee

  • SHA512

    2214d8bae005ea3e57163de3e11bae476997f3d6de912d5c7a642e985d5d9ad574c187fd8f1ff52e1bf875299c8c0510c4c6f323cf537a2f87ccc6490f206fad

  • SSDEEP

    49152:+bjs8XaYfR2OPWtUcJLDMuTJygh74Xlc4w1glv2MMaMatSVC5K162:+bj7XaYLP9cJLDMac+cVc2d2q0VEK16

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks