risepro | bae00511eb8725ac9c54915f71cc6320f987aad7d236fd0abe832407a2c66661 | Triage

Sharing

General

Target

bae00511eb8725ac9c54915f71cc6320f987aad7d236fd0abe832407a2c66661
Size

2.3MB
Sample

240626-eesdwatbkc
MD5

d07fd51d062969f797d99f2335289bd3
SHA1

4efac901b940aac9ec58d2a38f02f89f921cba7a
SHA256

bae00511eb8725ac9c54915f71cc6320f987aad7d236fd0abe832407a2c66661
SHA512

9552a25d3928122144bfb9b2f922fa9d0a2793a37bc47deb92701e86e9be05d1ff1a988d536cd0b1000ac124ea7d6ef27ea73ed0aad2b79ba6749435c1c0b0fa
SSDEEP

49152:Mt85+6rA2ABFN56vuUZ18VlajmJci+gNWBZ0JystKw2GoM/xftpplw:MPcA2uIukel2Fi+CJys0dFMt7w

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  bae00511eb8725ac9c54915f71cc6320f987aad7d236fd0abe832407a2c66661
- Size
  
  2.3MB
- MD5
  
  d07fd51d062969f797d99f2335289bd3
- SHA1
  
  4efac901b940aac9ec58d2a38f02f89f921cba7a
- SHA256
  
  bae00511eb8725ac9c54915f71cc6320f987aad7d236fd0abe832407a2c66661
- SHA512
  
  9552a25d3928122144bfb9b2f922fa9d0a2793a37bc47deb92701e86e9be05d1ff1a988d536cd0b1000ac124ea7d6ef27ea73ed0aad2b79ba6749435c1c0b0fa
- SSDEEP
  
  49152:Mt85+6rA2ABFN56vuUZ18VlajmJci+gNWBZ0JystKw2GoM/xftpplw:MPcA2uIukel2Fi+CJys0dFMt7w
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer