General
-
Target
0ae5e4996af84d2fb8eabc7092d0ec0ec15d92b626931445d7e20445efa9c7bf
-
Size
2.4MB
-
Sample
240624-jxw71asbrg
-
MD5
842b6596d619434979d46b20b13998de
-
SHA1
d486210aee5ce71e247790bc840ecb5c68437ac6
-
SHA256
0ae5e4996af84d2fb8eabc7092d0ec0ec15d92b626931445d7e20445efa9c7bf
-
SHA512
7fe5351797f45734a3d80a98fb6197eda1a43ce0de578f2e5009df420b044a0c9680364aba3c900710386df7a81eb04203b88594788c2a90ff9d68866a331962
-
SSDEEP
49152:xD/LHJWzrT4Y2ViZoYwJN803uqVS9modf0kR7tINA6:BLHJWzrtuiZo97mvm1kRRIN9
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
0ae5e4996af84d2fb8eabc7092d0ec0ec15d92b626931445d7e20445efa9c7bf
-
Size
2.4MB
-
MD5
842b6596d619434979d46b20b13998de
-
SHA1
d486210aee5ce71e247790bc840ecb5c68437ac6
-
SHA256
0ae5e4996af84d2fb8eabc7092d0ec0ec15d92b626931445d7e20445efa9c7bf
-
SHA512
7fe5351797f45734a3d80a98fb6197eda1a43ce0de578f2e5009df420b044a0c9680364aba3c900710386df7a81eb04203b88594788c2a90ff9d68866a331962
-
SSDEEP
49152:xD/LHJWzrT4Y2ViZoYwJN803uqVS9modf0kR7tINA6:BLHJWzrtuiZo97mvm1kRRIN9
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-