Overview

overview

10

Static

static

3

9ae617395a...1e.exe

windows7-x64

9

9ae617395a...1e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85b0f825ec9f8661f2b1237a0e33ad06.bin

  • Size

    2.3MB

  • Sample

    240625-cn119syejn

  • MD5

    e94c68a897646b7f0f2c2d548e2198a4

  • SHA1

    3846e9ac23df53e2d241b5283c387d00338c7d23

  • SHA256

    174ed2482913c1f30af42004873d44a071ce08acb7d0cb7e2748e4aa32553811

  • SHA512

    32daee42d25cf20f812a11182b86114e32bfd175752a92ec1784b877f5642501cb5c4cf9d64a5657192598452a6a4ff82e5d639b6236ffd0eb72230279f3986b

  • SSDEEP

    49152:rgqqm7KR9QiRo4tW3IKE1SZKOzeHU0SP45e8MZE2yh4:c71RjRoU1OzIBP5IExh4

Score
10/10
riseproevasionstealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e.exe

    • Size

      2.3MB

    • MD5

      85b0f825ec9f8661f2b1237a0e33ad06

    • SHA1

      16a3542ada51249be3b3a2939b79447b817b7a02

    • SHA256

      9ae617395ad5440f6774902b04f331a59282737d0f3c897d9f21ab73c19b691e

    • SHA512

      e3c720d343f8d51fc008b951663669615bfeb22513705532d0c63d64662028db6561b6ad302bb71ae6d9c7bf876b9fb33665f09ae877d821ed60642bb7e22a80

    • SSDEEP

      49152:RVQGeQ3baj4j62r4XenE+svt3aaJzeuNh4zHhSeb78G5oEz:TmdU+2r4X+Mt3hey4tSs78GT

    Score
    10/10
    evasionriseprostealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks