General
Target: LisectAVT_2403002A_191.exe
Size: 3.0MB
Sample: 240724-3t3edsvcjr
MD5: 96a48d844ea7baae454fe84845e1e581
SHA1: 77f0819007790eef6ecd0ec1be0e49669132ad3d
SHA256: dd43fbaaa8a894e08aa200e56c01dea30c346356440c4373082f25f7be4c3154
SHA512: 386e0b8deeddd1f66aba2511d3ae62097b37a4e1703595f5107619fcc75985ec30a896bb6b003331086a032a7da27fc695985a504e2677c47bb788e3b6b0a94e
SSDEEP: 49152:cCq+iwUDIvKCdNlxk6FXA773bojmr2qjZfWP+cxNgK:c3kyCjXk6FXA3304jYpx
Static task: static1
Behavioral task: behavioral1
Sample: LisectAVT_2403002A_191.exe
Resource: win7-20240704-en
Malware Config
Extracted
risepro
193.233.132.62:58709
Targets
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-