General
-
Target
85b9cdb536ef4da50ed70da80a8356ae3d52c6a6a966070ee77a16f97ecee9b6
-
Size
2.3MB
-
Sample
240625-c4t8nazckl
-
MD5
351fb799c083368eba8e97acd5f46485
-
SHA1
cda284260937ecba6760e29513d862b40db269d4
-
SHA256
85b9cdb536ef4da50ed70da80a8356ae3d52c6a6a966070ee77a16f97ecee9b6
-
SHA512
eb31ac9527fc0811d5925312ad521f6e64e5436c3a9c0a44cfe19a2d215ce258491de1b200e6ccc5da47a1171e479f6c1357cb8fc102a5a592b0a997a0d0afcd
-
SSDEEP
49152:IzN61UCeQrv+4WgXJHxMutEWRJI6Ois+CwST1vHkcH:IzN6K5QTegXs61Rp3swSThHkcH
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
85b9cdb536ef4da50ed70da80a8356ae3d52c6a6a966070ee77a16f97ecee9b6
-
Size
2.3MB
-
MD5
351fb799c083368eba8e97acd5f46485
-
SHA1
cda284260937ecba6760e29513d862b40db269d4
-
SHA256
85b9cdb536ef4da50ed70da80a8356ae3d52c6a6a966070ee77a16f97ecee9b6
-
SHA512
eb31ac9527fc0811d5925312ad521f6e64e5436c3a9c0a44cfe19a2d215ce258491de1b200e6ccc5da47a1171e479f6c1357cb8fc102a5a592b0a997a0d0afcd
-
SSDEEP
49152:IzN61UCeQrv+4WgXJHxMutEWRJI6Ois+CwST1vHkcH:IzN6K5QTegXs61Rp3swSThHkcH
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-