General
-
Target
787650677b73c6a1012d4b1429e874b0eddae20aaa3c5f820b6d5aed08a487ce
-
Size
2.3MB
-
Sample
240624-cw2yjavena
-
MD5
77f8d7d9467a0e4efecd16ebc7ddbc64
-
SHA1
8ddd616a43df01a63e4405e35e931de0abc0bd27
-
SHA256
787650677b73c6a1012d4b1429e874b0eddae20aaa3c5f820b6d5aed08a487ce
-
SHA512
6809fdf7b9ddf5025a1d14a3f242166e770f4f76139722be4a7dbe34db1c063b8ebc021e43ecdf740cf026f3859cd28174f0612eb74b3c9d62fe3d7dc3ceddf8
-
SSDEEP
49152:rxvsKy0/xFB2vRS0ayXJfSF55f+GG6UadcmpuuLqMrK0U2dU:mKy0pFIFaySF55f+NiwMddU
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
787650677b73c6a1012d4b1429e874b0eddae20aaa3c5f820b6d5aed08a487ce
-
Size
2.3MB
-
MD5
77f8d7d9467a0e4efecd16ebc7ddbc64
-
SHA1
8ddd616a43df01a63e4405e35e931de0abc0bd27
-
SHA256
787650677b73c6a1012d4b1429e874b0eddae20aaa3c5f820b6d5aed08a487ce
-
SHA512
6809fdf7b9ddf5025a1d14a3f242166e770f4f76139722be4a7dbe34db1c063b8ebc021e43ecdf740cf026f3859cd28174f0612eb74b3c9d62fe3d7dc3ceddf8
-
SSDEEP
49152:rxvsKy0/xFB2vRS0ayXJfSF55f+GG6UadcmpuuLqMrK0U2dU:mKy0pFIFaySF55f+NiwMddU
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-