General
-
Target
ba110d1b75feb2ef6d08093b49fa7c426d472c1e2e280d316ead8a7060f35f66
-
Size
2.3MB
-
Sample
240626-3xkczs1dpa
-
MD5
5fde190df986fdffe61f25bd14a435f2
-
SHA1
a55f75271655afad577d04c89d20f795fbf9978d
-
SHA256
ba110d1b75feb2ef6d08093b49fa7c426d472c1e2e280d316ead8a7060f35f66
-
SHA512
fac463f4834f992202ead5d92cd8e5fbe48731c33b19e313c5a9d869261d19134c9d82b90c3de0b5965a9129b8faaae379d28f2eda90c3889d046763377e222b
-
SSDEEP
49152:FPCwvT34ssZ/XIu4uCkWD+x6xD+pA+5c/sgivBKrW0Lo:tvr3BYn4Xwx0+pAmc/sHBG9o
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
ba110d1b75feb2ef6d08093b49fa7c426d472c1e2e280d316ead8a7060f35f66
-
Size
2.3MB
-
MD5
5fde190df986fdffe61f25bd14a435f2
-
SHA1
a55f75271655afad577d04c89d20f795fbf9978d
-
SHA256
ba110d1b75feb2ef6d08093b49fa7c426d472c1e2e280d316ead8a7060f35f66
-
SHA512
fac463f4834f992202ead5d92cd8e5fbe48731c33b19e313c5a9d869261d19134c9d82b90c3de0b5965a9129b8faaae379d28f2eda90c3889d046763377e222b
-
SSDEEP
49152:FPCwvT34ssZ/XIu4uCkWD+x6xD+pA+5c/sgivBKrW0Lo:tvr3BYn4Xwx0+pAmc/sHBG9o
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-