General
-
Target
d26d2aa1b1799adbc42fb8da7b0b5009a26fcce0f21a62ac48631fd10e134211
-
Size
2.3MB
-
Sample
240625-v155vswbmr
-
MD5
963a1246e07ff6b36c41f8be3a9f43bc
-
SHA1
a36f9738fd15dc81f4fdd76b5d0c8f42547af600
-
SHA256
d26d2aa1b1799adbc42fb8da7b0b5009a26fcce0f21a62ac48631fd10e134211
-
SHA512
4b6103134809d5a0053679ba47617ae7120d419117070a6e49c3a979b8aef6d0a9f17826d55b10685134cae53f59fd14cbcc7d6febd496b62e5a8040b78a5a7e
-
SSDEEP
49152:hvbj2LN0M5Y7Z3Gbwr5tET1c17zCWTr3Nko9dZjD9rTDPKgE4ZGGS6INfb:hvmGCqGEr5twc1nrHegLn9rvCgE4N
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
d26d2aa1b1799adbc42fb8da7b0b5009a26fcce0f21a62ac48631fd10e134211
-
Size
2.3MB
-
MD5
963a1246e07ff6b36c41f8be3a9f43bc
-
SHA1
a36f9738fd15dc81f4fdd76b5d0c8f42547af600
-
SHA256
d26d2aa1b1799adbc42fb8da7b0b5009a26fcce0f21a62ac48631fd10e134211
-
SHA512
4b6103134809d5a0053679ba47617ae7120d419117070a6e49c3a979b8aef6d0a9f17826d55b10685134cae53f59fd14cbcc7d6febd496b62e5a8040b78a5a7e
-
SSDEEP
49152:hvbj2LN0M5Y7Z3Gbwr5tET1c17zCWTr3Nko9dZjD9rTDPKgE4ZGGS6INfb:hvmGCqGEr5twc1nrHegLn9rvCgE4N
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-