General
- Target: 997d363c2a300e2904ac1bf6bceabffd0933c125b1fe97eb669d205cc75c0af8
- Size: 2.3MB
- Sample: 240624-jpjxps1gng
- MD5: 70319b60b924cb47cb7be8bef265d212
- SHA1: 069b1a35b0ce2b8081b9c8c7dd6eb291e230f968
- SHA256: 997d363c2a300e2904ac1bf6bceabffd0933c125b1fe97eb669d205cc75c0af8
- SHA512: 29f2a6d065adcf02d206e9033e4d45df1c34b1632b85cd1e40396b3c2770073e0bba1f8f393ca9c83cb27d101f505df9c745f8267fc8efea33e1e0fde701caf4
- SSDEEP: 49152:hOyKSjm1vfUeP+oDgQsTTvmkbz74eoUZ5LL7n5:hOynNUFsHm4z74eZ5LPn5

Static task: static1
Behavioral task: behavioral1
- Sample: 997d363c2a300e2904ac1bf6bceabffd0933c125b1fe97eb669d205cc75c0af8.exe
- Resource: win10v2004-20240508-en

Malware Config
- Extracted: risepro, 77.91.77.66:58709
Targets
- Target: 997d363c2a300e2904ac1bf6bceabffd0933c125b1fe97eb669d205cc75c0af8
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger