General
-
Target
d38d56ebf9e6a1013e9b66ac2b185ac82c59326aa2d1fdce878f8aa4b084edb8
-
Size
2.3MB
-
Sample
240626-2dpmxsxepd
-
MD5
b906496bb6426fc2060d87699857de17
-
SHA1
5f0ef49093a807c1fc011fe24f85eb12054fc39d
-
SHA256
d38d56ebf9e6a1013e9b66ac2b185ac82c59326aa2d1fdce878f8aa4b084edb8
-
SHA512
3e6b0e45fc6ef180723f152c5e870c7c465e08bd6904c88fd168ee6aba15a27d25ee9636e5ce743602885f47720ede80048383325cd3c041be65cf700ab9fc70
-
SSDEEP
49152:7fGu2+w5GYZ50FAXl5+V7fbLwh2M40iKsqdg+nLdtPjRs92y8:TGu7i50FKcV3MVpZ3dsgd
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
d38d56ebf9e6a1013e9b66ac2b185ac82c59326aa2d1fdce878f8aa4b084edb8
-
Size
2.3MB
-
MD5
b906496bb6426fc2060d87699857de17
-
SHA1
5f0ef49093a807c1fc011fe24f85eb12054fc39d
-
SHA256
d38d56ebf9e6a1013e9b66ac2b185ac82c59326aa2d1fdce878f8aa4b084edb8
-
SHA512
3e6b0e45fc6ef180723f152c5e870c7c465e08bd6904c88fd168ee6aba15a27d25ee9636e5ce743602885f47720ede80048383325cd3c041be65cf700ab9fc70
-
SSDEEP
49152:7fGu2+w5GYZ50FAXl5+V7fbLwh2M40iKsqdg+nLdtPjRs92y8:TGu7i50FKcV3MVpZ3dsgd
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-