risepro | a9e35aa52c2f983f115ae9d440a94e16da50417bae6a1bbfd31e40c9cebc70c6 | Triage

Sharing

General

Target

a0e213177ee87cbb5ec32bef195bbfa9.bin
Size

2.3MB
Sample

240630-dqbd3awgjq
MD5

f4e8a185eb5793520f19763baf814235
SHA1

b4ffc85ed1beb0d1cd9b8e0b582f972d1080fdf7
SHA256

a9e35aa52c2f983f115ae9d440a94e16da50417bae6a1bbfd31e40c9cebc70c6
SHA512

2b45bdc33043c2276cb0bab03cdf64a333f18763c6050e78dde72f4329ecd094691c146cb6f378b33eaa5373abef7f4f76461f3b3944581b10eb424e813e75d9
SSDEEP

49152:sbVSAFX9Hj2JDAW53IQysC3KsxWudyTpNT/nMi7rkaLkuDiA:KSAthyJDpusuKsWt5Nk0

Score

10^/10

risepro evasion stealer

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  141be7789497012b7911cabb1307e25e19f747e2e8fb5375f9cddff7e5f28265.exe
- Size
  
  2.3MB
- MD5
  
  a0e213177ee87cbb5ec32bef195bbfa9
- SHA1
  
  6265b138b96d83b070ce14cc16e528bdf68aa160
- SHA256
  
  141be7789497012b7911cabb1307e25e19f747e2e8fb5375f9cddff7e5f28265
- SHA512
  
  421a34499b2c6b74db08c527cc9fc11c0d590e0572fe8cb4fd8a4bf857e396f3fac892fdf944dc8a9e63aa3b57a0c2585ef8be2cf5f36f897110890540a4b54f
- SSDEEP
  
  49152:n6CEHkNJDeZ2sZb3l+8R9lko90cf423IC/bVAvOe8HPPRgnda6cv3mVQdw:nikuZB13l+87lko90cf423z6vOeg2d86
Score

10^/10

risepro evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer