General
-
Target
182c438a361b22a2bf5066d52d8b87037a410b1c482dc241ecc2df0086f46467
-
Size
2.3MB
-
Sample
240623-3vz1nasdmj
-
MD5
598523505ff603b04e5e7f16d263fa87
-
SHA1
49914ec146086cf9bed8b91c64e12eda8c3de29a
-
SHA256
182c438a361b22a2bf5066d52d8b87037a410b1c482dc241ecc2df0086f46467
-
SHA512
d37561256024b354e744c6f7d6a0b8b9c30b962d960605a626718b5a976bd0ac5f341f129b2b00d8297096e5f95652c7c2c438a369eb09bc3c401fe6128d2321
-
SSDEEP
49152:NakfCCGWq/4wgHrCfDwRMBe54K0xv9lpuj2pr1g4BjXb3JvGJ9fC:QkKpaHKwRMFZh9Sje1b7JuJc
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
182c438a361b22a2bf5066d52d8b87037a410b1c482dc241ecc2df0086f46467
-
Size
2.3MB
-
MD5
598523505ff603b04e5e7f16d263fa87
-
SHA1
49914ec146086cf9bed8b91c64e12eda8c3de29a
-
SHA256
182c438a361b22a2bf5066d52d8b87037a410b1c482dc241ecc2df0086f46467
-
SHA512
d37561256024b354e744c6f7d6a0b8b9c30b962d960605a626718b5a976bd0ac5f341f129b2b00d8297096e5f95652c7c2c438a369eb09bc3c401fe6128d2321
-
SSDEEP
49152:NakfCCGWq/4wgHrCfDwRMBe54K0xv9lpuj2pr1g4BjXb3JvGJ9fC:QkKpaHKwRMFZh9Sje1b7JuJc
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-