General
-
Target
aa09c46aa2cda338d57362c35fe1dadf583aa15b1f4e7ae80623213d4e5b3ba0
-
Size
2.3MB
-
Sample
240622-q6g8rsvcmp
-
MD5
f3e2bed48c0156789b71a136ef95e611
-
SHA1
6ac060003bce54b85c9a2f8de9208264c311469e
-
SHA256
aa09c46aa2cda338d57362c35fe1dadf583aa15b1f4e7ae80623213d4e5b3ba0
-
SHA512
3f001a12c5174f66fb399b5a09bb57a7883dd49257c4902abfd27388f948999a692eeba8a8e483cfbbbe0ebb505bbb9b9782cc3e93933a003eec6766ab0cdbc3
-
SSDEEP
49152:bT8Avhwa7q26c1DTsTEPSrOwrcxHg2T7k7aSn9JmSejfG5SmSVpv3F:thD7ugPXxHg2T2TrJejfG5StVj
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
aa09c46aa2cda338d57362c35fe1dadf583aa15b1f4e7ae80623213d4e5b3ba0
-
Size
2.3MB
-
MD5
f3e2bed48c0156789b71a136ef95e611
-
SHA1
6ac060003bce54b85c9a2f8de9208264c311469e
-
SHA256
aa09c46aa2cda338d57362c35fe1dadf583aa15b1f4e7ae80623213d4e5b3ba0
-
SHA512
3f001a12c5174f66fb399b5a09bb57a7883dd49257c4902abfd27388f948999a692eeba8a8e483cfbbbe0ebb505bbb9b9782cc3e93933a003eec6766ab0cdbc3
-
SSDEEP
49152:bT8Avhwa7q26c1DTsTEPSrOwrcxHg2T7k7aSn9JmSejfG5SmSVpv3F:thD7ugPXxHg2T2TrJejfG5StVj
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-