General
-
Target
f7404b25d232fc1abb629ef897817ef2d68e57c486040d62901782e0f8b2c3b1
-
Size
2.3MB
-
Sample
240625-yv7chszeqh
-
MD5
c2a5e2ec9a27966485004d4c8ad57398
-
SHA1
2430f4782eae31419befb81a362f8a257b050355
-
SHA256
f7404b25d232fc1abb629ef897817ef2d68e57c486040d62901782e0f8b2c3b1
-
SHA512
8f1ea2e5bbb11e4b29831d4e449e9498734b78c65af3b7b45a03c000c75e959945bb542f7306e380792612a8f1ef29c6771eb6b79ae901f009c13f7749b22e86
-
SSDEEP
49152:QOEArWZ2GSvCbBhDismldGmIaIfLbd43dj2tTi6XFY:QOFWcZvCttiDm/3l48tO6Xi
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
f7404b25d232fc1abb629ef897817ef2d68e57c486040d62901782e0f8b2c3b1
-
Size
2.3MB
-
MD5
c2a5e2ec9a27966485004d4c8ad57398
-
SHA1
2430f4782eae31419befb81a362f8a257b050355
-
SHA256
f7404b25d232fc1abb629ef897817ef2d68e57c486040d62901782e0f8b2c3b1
-
SHA512
8f1ea2e5bbb11e4b29831d4e449e9498734b78c65af3b7b45a03c000c75e959945bb542f7306e380792612a8f1ef29c6771eb6b79ae901f009c13f7749b22e86
-
SSDEEP
49152:QOEArWZ2GSvCbBhDismldGmIaIfLbd43dj2tTi6XFY:QOFWcZvCttiDm/3l48tO6Xi
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-