General
-
Target
041c058f3cbacbf7627fed950268e8720b5e7e44ce1558bac2c2d6e0a117af9c
-
Size
2.3MB
-
Sample
240624-fp2kzaxglg
-
MD5
7cfeaeccbe1e171218a5b4ea49bff0d6
-
SHA1
5f357caf7bffba938a455639915269b2ac05e395
-
SHA256
041c058f3cbacbf7627fed950268e8720b5e7e44ce1558bac2c2d6e0a117af9c
-
SHA512
eb3366bd543d956e6d71dc3f4590b017fbc7d5cb8a99973edbc3c4ecf0ada0ea3f26fb03a612c0e0a333468e5e504f9ba6063f849635d632040c04a975033ec7
-
SSDEEP
49152:WnnLDtsKQ+gYzlikMrQSZuWmERckbFGYn657slrfIYL62YZeyA:ExnQ+fpM/ZuE3bfnc4ZfIE62Wey
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
041c058f3cbacbf7627fed950268e8720b5e7e44ce1558bac2c2d6e0a117af9c
-
Size
2.3MB
-
MD5
7cfeaeccbe1e171218a5b4ea49bff0d6
-
SHA1
5f357caf7bffba938a455639915269b2ac05e395
-
SHA256
041c058f3cbacbf7627fed950268e8720b5e7e44ce1558bac2c2d6e0a117af9c
-
SHA512
eb3366bd543d956e6d71dc3f4590b017fbc7d5cb8a99973edbc3c4ecf0ada0ea3f26fb03a612c0e0a333468e5e504f9ba6063f849635d632040c04a975033ec7
-
SSDEEP
49152:WnnLDtsKQ+gYzlikMrQSZuWmERckbFGYn657slrfIYL62YZeyA:ExnQ+fpM/ZuE3bfnc4ZfIE62Wey
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-