General
-
Target
4e18d688a5a00e517fe82e040a0d3e2607a2f51e8d2af25b46eed1a4f37137cb
-
Size
2.3MB
-
Sample
240624-tyj9yavenq
-
MD5
9e88c3b9177bfb5f3272348c559ab0a5
-
SHA1
3bf98278fefbfbdb78578122fb47cda84864313a
-
SHA256
4e18d688a5a00e517fe82e040a0d3e2607a2f51e8d2af25b46eed1a4f37137cb
-
SHA512
c61ea9447b76bafb91497655d397c68da72ce47486fc2ed8431e985fb72d59983e3366dd528cb716abe6d56a2df8f52418f84909604812fb1c5a9a25b2cb85c2
-
SSDEEP
49152:dAvPFAHtsOpiGYeKwWz7DNBIM+KPd21fbCOcZlSqtN+6BpU:s9cp+RZ7DN3d21DBgl+6rU
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
4e18d688a5a00e517fe82e040a0d3e2607a2f51e8d2af25b46eed1a4f37137cb
-
Size
2.3MB
-
MD5
9e88c3b9177bfb5f3272348c559ab0a5
-
SHA1
3bf98278fefbfbdb78578122fb47cda84864313a
-
SHA256
4e18d688a5a00e517fe82e040a0d3e2607a2f51e8d2af25b46eed1a4f37137cb
-
SHA512
c61ea9447b76bafb91497655d397c68da72ce47486fc2ed8431e985fb72d59983e3366dd528cb716abe6d56a2df8f52418f84909604812fb1c5a9a25b2cb85c2
-
SSDEEP
49152:dAvPFAHtsOpiGYeKwWz7DNBIM+KPd21fbCOcZlSqtN+6BpU:s9cp+RZ7DN3d21DBgl+6rU
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-