General
-
Target
99a135091815c5ce83c8c72bf0ebea0f2b6a594b8c4990c2e7d04defb687d15c
-
Size
2.3MB
-
Sample
240623-l2nsjayalh
-
MD5
59e3535e9e58aadedfe90c1942bbd1b6
-
SHA1
4862f46fbbdbb9f4127d0ac10b1440176b0885ee
-
SHA256
99a135091815c5ce83c8c72bf0ebea0f2b6a594b8c4990c2e7d04defb687d15c
-
SHA512
3f273375c386593ef05a2dcaa07f0cf12a4269ceaf9294c2c4d790988508f92990249b05d90e92c341a956a6748dc44a47126373cb287347d0e3eab2d2aecc45
-
SSDEEP
49152:fJhzt9jCdvyBD+/5tOo2uhGgAfHkj8lSH1z+FyiuCefDd:Hcvyl+/OojhbLjIs+F4Fb
Static task
static1
Behavioral task
behavioral1
Sample
99a135091815c5ce83c8c72bf0ebea0f2b6a594b8c4990c2e7d04defb687d15c.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-