General
- Target: b6491a7ae09e34061861082253113bea087f23b05f109d59638d79a64be5f93a
- Size: 2.3MB
- Sample: 240625-tyjcmstbrr
- MD5: e452dc3fcf18169614f2a672ddbf4168
- SHA1: 72a6d4e5b5804dd62cea87805ecc8ad21faeaa02
- SHA256: b6491a7ae09e34061861082253113bea087f23b05f109d59638d79a64be5f93a
- SHA512: c34cd2149f93c106ea4d2141c54c5efd05776ac32ee09a34f90fda59f87e4782836f3269c0da68e571eeccbf7ecfd719b0086d4fa4a53dbb8189e6aa915ef3c4
- SSDEEP: 49152:MZWLnyAFIFhqjqxxkemYH1Y3rbzjzxiQ9KkQfMHk+8yGGz7:MZGnZWhYqxxkQEPdiQ9K/MEmGGz
Static task
- static1

Behavioral task
- behavioral1
  - Sample: b6491a7ae09e34061861082253113bea087f23b05f109d59638d79a64be5f93a.exe
  - Resource: win10v2004-20240508-en

Behavioral task
- behavioral2
  - Sample: b6491a7ae09e34061861082253113bea087f23b05f109d59638d79a64be5f93a.exe
  - Resource: win11-20240508-en
Malware Config
- Extracted: risepro
  - 77.91.77.66:58709
Targets
- Target: b6491a7ae09e34061861082253113bea087f23b05f109d59638d79a64be5f93a
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger