General
- Target: dd3e767dee37427114e3c65af7efad52ff2ff0b5ae415c22b61062fedf6ebf54
- Size: 2.3MB
- Sample: 240624-fn3rms1dmn
- MD5: 003438312135ede7b8782e50fc0adee2
- SHA1: 85c3cd57ce7694b628e38c50232adadabdfd5eab
- SHA256: dd3e767dee37427114e3c65af7efad52ff2ff0b5ae415c22b61062fedf6ebf54
- SHA512: f9a726bb1e5e175282816065cbbc10579e15db5e7f1aa4c4be8519fc4b4b478f2fd6addc53c0c27d675cd8ebd83d271bcaf542519e418237ca2880765b921813
- SSDEEP: 49152:BKw484Sbs5bT408mLQOfsilC71TPwEkGMiQ1CsDMHTldnRPpuAeV:BKnScbTImQOU5TPXNZx1RPM1V
Static task
- static1
Behavioral task
- behavioral1
- Sample: dd3e767dee37427114e3c65af7efad52ff2ff0b5ae415c22b61062fedf6ebf54.exe
- Resource: win10v2004-20240611-en
Malware Config
- Extracted: risepro
- 77.91.77.66:58709
Targets
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger