General
-
Target
9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e
-
Size
2.3MB
-
Sample
240623-q5r2kswhkr
-
MD5
85b0f825ec9f8661f2b1237a0e33ad06
-
SHA1
16a3542ada51249be3b3a2939b79447b817b7a02
-
SHA256
9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e
-
SHA512
e3c720d343f8d51fc008b951663669615bfeb22513705532d0c63d64662028db6561b6ad302bb71ae6d9c7bf876b9fb33665f09ae877d821ed60642bb7e22a80
-
SSDEEP
49152:RVQGeQ3baj4j62r4XenE+svt3aaJzeuNh4zHhSeb78G5oEz:TmdU+2r4X+Mt3hey4tSs78GT
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e
-
Size
2.3MB
-
MD5
85b0f825ec9f8661f2b1237a0e33ad06
-
SHA1
16a3542ada51249be3b3a2939b79447b817b7a02
-
SHA256
9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e
-
SHA512
e3c720d343f8d51fc008b951663669615bfeb22513705532d0c63d64662028db6561b6ad302bb71ae6d9c7bf876b9fb33665f09ae877d821ed60642bb7e22a80
-
SSDEEP
49152:RVQGeQ3baj4j62r4XenE+svt3aaJzeuNh4zHhSeb78G5oEz:TmdU+2r4X+Mt3hey4tSs78GT
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-