risepro | 6beb36b03ecc3adff14394d9dac350d65605c099c6378cbfefd0431e349a171a | Triage

Sharing

General

Target

6beb36b03ecc3adff14394d9dac350d65605c099c6378cbfefd0431e349a171a
Size

2.3MB
Sample

240624-l3f43szeqq
MD5

edd7c4904e9b7939520be510fcfcb1db
SHA1

d9a2c4aec8cf8657a73b95c72cf35839f6ec86b3
SHA256

6beb36b03ecc3adff14394d9dac350d65605c099c6378cbfefd0431e349a171a
SHA512

55aefba7f0fa2c08ded8153a1923447f47cc7b66d4a590bf5c6f2c46b4a01dda154c4f4ed06a7ffdee5d523e5a18167f18cb1c7930f9a9ae01be5dcdaba4240a
SSDEEP

49152:4yuYdzbPzKwLRCQN82Awgo+Mw1Dk2E27cpF8fPOpT+DfT+jkUx5Yh:4DYd/bQQNZAG+MsD5fPOEDfukUM

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  6beb36b03ecc3adff14394d9dac350d65605c099c6378cbfefd0431e349a171a
- Size
  
  2.3MB
- MD5
  
  edd7c4904e9b7939520be510fcfcb1db
- SHA1
  
  d9a2c4aec8cf8657a73b95c72cf35839f6ec86b3
- SHA256
  
  6beb36b03ecc3adff14394d9dac350d65605c099c6378cbfefd0431e349a171a
- SHA512
  
  55aefba7f0fa2c08ded8153a1923447f47cc7b66d4a590bf5c6f2c46b4a01dda154c4f4ed06a7ffdee5d523e5a18167f18cb1c7930f9a9ae01be5dcdaba4240a
- SSDEEP
  
  49152:4yuYdzbPzKwLRCQN82Awgo+Mw1Dk2E27cpF8fPOpT+DfT+jkUx5Yh:4DYd/bQQNZAG+MsD5fPOEDfukUM
Score

10^/10

evasion risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

riseproevasionstealer