General
-
Target
LisectAVT_2403002A_140.exe
-
Size
2.2MB
-
Sample
240724-3p1p1axdqe
-
MD5
8623f3410c6571a3880ed83c11197518
-
SHA1
35396e27d5528a5c4740a93be024ec11db698df2
-
SHA256
421f1f9e96fc1d6d553fa47a0ae79c23751471a02174524465eff1f6ec1fe897
-
SHA512
a9368b3e1c82538c226ad065522e005d5451787c37997e3089fb226c4f00180fe4b6c3338b6fb35769494565313c5c5542903633722300b64992a4006fe74313
-
SSDEEP
49152:t/pAjCpBAG643phrM/A09sRK0cFCo8e6Sy:TqYAGH3p9j09sQ0Jfe6
Malware Config
Extracted
risepro
193.233.132.74:58709
Targets
-
-
Target
LisectAVT_2403002A_140.exe
-
Size
2.2MB
-
MD5
8623f3410c6571a3880ed83c11197518
-
SHA1
35396e27d5528a5c4740a93be024ec11db698df2
-
SHA256
421f1f9e96fc1d6d553fa47a0ae79c23751471a02174524465eff1f6ec1fe897
-
SHA512
a9368b3e1c82538c226ad065522e005d5451787c37997e3089fb226c4f00180fe4b6c3338b6fb35769494565313c5c5542903633722300b64992a4006fe74313
-
SSDEEP
49152:t/pAjCpBAG643phrM/A09sRK0cFCo8e6Sy:TqYAGH3p9j09sQ0Jfe6
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-