General
-
Target
b295f4174de84592b7e5c9779fff8c1035367a3b160cb73486e9529022cea768
-
Size
2.3MB
-
Sample
240625-2drghsxela
-
MD5
d80d5c3b3f46774293bdd629bba997d8
-
SHA1
b71f659a7c5ccbceae270fdf5e42abbcef3dd279
-
SHA256
b295f4174de84592b7e5c9779fff8c1035367a3b160cb73486e9529022cea768
-
SHA512
2ec088725b2b3de78b48db49f17c4c04ba16b5a4be79662d0436aeba4fe78a1995bb381677c97a26ba8f82d52472726073bc2758d591ea2af67415c0e31c3270
-
SSDEEP
49152:3ZWuSv9SQo7AVgiddeczh+GjebNZPqlJXw4zz7LIyM5un:oz9h+AVgi5AGjebAKuzP
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
b295f4174de84592b7e5c9779fff8c1035367a3b160cb73486e9529022cea768
-
Size
2.3MB
-
MD5
d80d5c3b3f46774293bdd629bba997d8
-
SHA1
b71f659a7c5ccbceae270fdf5e42abbcef3dd279
-
SHA256
b295f4174de84592b7e5c9779fff8c1035367a3b160cb73486e9529022cea768
-
SHA512
2ec088725b2b3de78b48db49f17c4c04ba16b5a4be79662d0436aeba4fe78a1995bb381677c97a26ba8f82d52472726073bc2758d591ea2af67415c0e31c3270
-
SSDEEP
49152:3ZWuSv9SQo7AVgiddeczh+GjebNZPqlJXw4zz7LIyM5un:oz9h+AVgi5AGjebAKuzP
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-