Overview

overview

10

Static

static

3

LisectAVT_...51.exe

windows7-x64

10

LisectAVT_...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    LisectAVT_2403002A_151.exe

  • Size

    3.0MB

  • Sample

    240724-3qmjrsvamj

  • MD5

    a528d71182717541346487642bb54dd2

  • SHA1

    7c9b47714dfce098237d5df9381fcbe1d856f41d

  • SHA256

    f4880369ec64ebb35bbf6231f9275d82a878e6c3cdfb75468ea1d529b895892d

  • SHA512

    3c1528c17274b79e087684df0b996eecdaa32f675c94b1626240e28c5bf4d78721e297d86dc081c62c127c6203724de26b643e31064da690e4396b6c9c2eeaf3

  • SSDEEP

    49152:UHXp7rU8ffCFoGysq/4iNmPP/n6sfFS9ATuTse7lWxN:U5c8ffCFoTsqAiM3/n/XtUlQ

Score
10/10
riseprodiscoveryevasionstealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:58709

Targets

    • Target

      LisectAVT_2403002A_151.exe

    • Size

      3.0MB

    • MD5

      a528d71182717541346487642bb54dd2

    • SHA1

      7c9b47714dfce098237d5df9381fcbe1d856f41d

    • SHA256

      f4880369ec64ebb35bbf6231f9275d82a878e6c3cdfb75468ea1d529b895892d

    • SHA512

      3c1528c17274b79e087684df0b996eecdaa32f675c94b1626240e28c5bf4d78721e297d86dc081c62c127c6203724de26b643e31064da690e4396b6c9c2eeaf3

    • SSDEEP

      49152:UHXp7rU8ffCFoGysq/4iNmPP/n6sfFS9ATuTse7lWxN:U5c8ffCFoTsqAiM3/n/XtUlQ

    Score
    10/10
    riseprodiscoveryevasionstealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks