General
-
Target
LisectAVT_2403002A_185.exe
-
Size
2.2MB
-
Sample
240724-3tf66avbqk
-
MD5
e4561ad384f825254ddf8335308bbbcf
-
SHA1
0379bbd4b8684caa337908286b870f5e38a58693
-
SHA256
8506917c0d92df1de8f1f7e6883669a0190d9997532a653d085d51a4e2123d13
-
SHA512
b9da16205ff58c533177ee82c312f232db55434b575a42f0df541711aeea4867589af79d4eb0cff478f080789eb5e1aed016a17e86ab99a3fed53b189b65e9e3
-
SSDEEP
49152:etQqvanIGlHKxr+3nvtzf6Y42KNfH4KNYsONdgEM:BP1qR+fFN42KNfH9ONdW
Malware Config
Extracted
risepro
193.233.132.74:58709
Targets
-
-
Target
LisectAVT_2403002A_185.exe
-
Size
2.2MB
-
MD5
e4561ad384f825254ddf8335308bbbcf
-
SHA1
0379bbd4b8684caa337908286b870f5e38a58693
-
SHA256
8506917c0d92df1de8f1f7e6883669a0190d9997532a653d085d51a4e2123d13
-
SHA512
b9da16205ff58c533177ee82c312f232db55434b575a42f0df541711aeea4867589af79d4eb0cff478f080789eb5e1aed016a17e86ab99a3fed53b189b65e9e3
-
SSDEEP
49152:etQqvanIGlHKxr+3nvtzf6Y42KNfH4KNYsONdgEM:BP1qR+fFN42KNfH9ONdW
Score10/10-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-