General

  • Target

    6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86

  • Size

    3.7MB

  • Sample

    240704-2kndfatbpl

  • MD5

    2ab891d9c6b24c5462e32a0bab3d1fec

  • SHA1

    4dbb387d2fce2b47ff3699468590466505ba7554

  • SHA256

    6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86

  • SHA512

    0317a30e9e70d0ac8416f14a91119504fc40e9a72ee34d358741ebf820367abb3b18e2c64987f6d86d3c4a8952621aebeca83fa027d66edb456c749e56d42d89

  • SSDEEP

    98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS

Malware Config

Extracted

Family

risepro

C2

194.110.13.70

77.105.133.27

Targets

    • Target

      6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86

    • Size

      3.7MB

    • MD5

      2ab891d9c6b24c5462e32a0bab3d1fec

    • SHA1

      4dbb387d2fce2b47ff3699468590466505ba7554

    • SHA256

      6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86

    • SHA512

      0317a30e9e70d0ac8416f14a91119504fc40e9a72ee34d358741ebf820367abb3b18e2c64987f6d86d3c4a8952621aebeca83fa027d66edb456c749e56d42d89

    • SSDEEP

      98304:rm3o0QMznQ6mUOAj4H0KikjBY5fgq/crZN:GmMzQ6eAj4HbjBOIkS

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks