General
Target: 0d8edf8257a95f44c867679599315e9bff318ab53f7da739bb7c483734afbeaa
Size: 2.3MB
Sample: 240624-xagqpaxalf
MD5: 74c6028f3d9ffa9fc57e08601d0abc91
SHA1: fec4f45359b7c1cb2e6358ee98975b81321d26e9
SHA256: 0d8edf8257a95f44c867679599315e9bff318ab53f7da739bb7c483734afbeaa
SHA512: ddafcaf09302a5601ef9597bcc5df8329f2baf64fe1117905c60fb0411b0323177691117a7a968fbfdf1ad096cf9e39da798519e5b2ec75ffc5df6eb04b5aba7
SSDEEP: 49152:BRxz0nMJ2V6CUjZGRtUi+DzHDBU6WzBu2X3A61dYX1OZhDJXwpKn:BRnfZGRtUNDrDBU60u76OOZnXJn
Static task: static1
Behavioral task: behavioral1
Sample: 0d8edf8257a95f44c867679599315e9bff318ab53f7da739bb7c483734afbeaa.exe
Resource: win7-20240611-en
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
Target: 0d8edf8257a95f44c867679599315e9bff318ab53f7da739bb7c483734afbeaa

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger