risepro | 07731f66b75fedd487360a6b96c17f007f80cb844184f75428c1cdfdfe524d9b | Triage

Sharing

General

Target

07731f66b75fedd487360a6b96c17f007f80cb844184f75428c1cdfdfe524d9b
Size

2.3MB
Sample

240623-ha7jsawfpq
MD5

ad0e24c94a9eb6e695eccea57cc3a53b
SHA1

d48f0c07b02b52b0dd273bad7b6273de4b76f7f4
SHA256

07731f66b75fedd487360a6b96c17f007f80cb844184f75428c1cdfdfe524d9b
SHA512

15062ac0df993dabf671f9c7308de8b7417c39259a5eb8ccd89284c5081d51a40b76232df6afc8bfb8d550901b56b1ae0883b4a7d7c21bd64cda4242ecfde810
SSDEEP

49152:6uey13c2fU3sEWRALDUn/TWLGQ24Y/9LUj+35LVuXTuLetSzU:PeyRckE9LYnLW2hyqdVWU

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  07731f66b75fedd487360a6b96c17f007f80cb844184f75428c1cdfdfe524d9b
- Size
  
  2.3MB
- MD5
  
  ad0e24c94a9eb6e695eccea57cc3a53b
- SHA1
  
  d48f0c07b02b52b0dd273bad7b6273de4b76f7f4
- SHA256
  
  07731f66b75fedd487360a6b96c17f007f80cb844184f75428c1cdfdfe524d9b
- SHA512
  
  15062ac0df993dabf671f9c7308de8b7417c39259a5eb8ccd89284c5081d51a40b76232df6afc8bfb8d550901b56b1ae0883b4a7d7c21bd64cda4242ecfde810
- SSDEEP
  
  49152:6uey13c2fU3sEWRALDUn/TWLGQ24Y/9LUj+35LVuXTuLetSzU:PeyRckE9LYnLW2hyqdVWU
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer