General
-
Target
8256b66a44eeb89d26659c79433cad34290dd66e972fadc9de9e0e4a914a0f54
-
Size
2.4MB
-
Sample
240627-2zn9aawgrc
-
MD5
ca9e63f785887ae3efee5eb6f9b5f45a
-
SHA1
5b02c8ff5b32c21f95d4c65244167f5b7347d3b4
-
SHA256
8256b66a44eeb89d26659c79433cad34290dd66e972fadc9de9e0e4a914a0f54
-
SHA512
883804f07dd4d83d796bca453994706083c9bbed1d9a19320940a3d22ea5c0d1f8f35957f3d8ef9abf8b0cea874b8751e05bbc05123b04f3ed3f1a2e24199e34
-
SSDEEP
49152:m97AXHUU9GxPceFJ/Bt/hsS8gE1GkwVIlMn6qwn2QEhtYjze59ViuAhPZ:maHUCK1RXRE1SqC6JEIjze59VYZ
Malware Config
Extracted
risepro
77.91.77.66:58709
Targets
-
-
Target
8256b66a44eeb89d26659c79433cad34290dd66e972fadc9de9e0e4a914a0f54
-
Size
2.4MB
-
MD5
ca9e63f785887ae3efee5eb6f9b5f45a
-
SHA1
5b02c8ff5b32c21f95d4c65244167f5b7347d3b4
-
SHA256
8256b66a44eeb89d26659c79433cad34290dd66e972fadc9de9e0e4a914a0f54
-
SHA512
883804f07dd4d83d796bca453994706083c9bbed1d9a19320940a3d22ea5c0d1f8f35957f3d8ef9abf8b0cea874b8751e05bbc05123b04f3ed3f1a2e24199e34
-
SSDEEP
49152:m97AXHUU9GxPceFJ/Bt/hsS8gE1GkwVIlMn6qwn2QEhtYjze59ViuAhPZ:maHUCK1RXRE1SqC6JEIjze59VYZ
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-