risepro | 721a20928239475312d70ee30d402768348d81e72f67363a92e34ed087a545e7 | Triage

Sharing

General

Target

721a20928239475312d70ee30d402768348d81e72f67363a92e34ed087a545e7.exe
Size

2.2MB
Sample

240725-d9krvawgmq
MD5

cc4a3a36d266e313523feb9146c56df6
SHA1

094ef8de8465d13ea82a0f9daf13474f4f11bc17
SHA256

721a20928239475312d70ee30d402768348d81e72f67363a92e34ed087a545e7
SHA512

32c83ba930b1d6b3d88f4306f28acf0303694d6f995574d5b7201855fb3f5e275c3cd47408959ab2c70259fe4595f2ac2774fcc95f311dfbc30d64a872a968bd
SSDEEP

49152:AB0vmtT5qmRdVuL9rNM9xz4mA6JMk1Y0/GiII:A2WYmRdVuLRNIfMk14I

Score

10^/10

risepro discovery evasion stealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.74:58709

Targets

- Target
  
  721a20928239475312d70ee30d402768348d81e72f67363a92e34ed087a545e7.exe
- Size
  
  2.2MB
- MD5
  
  cc4a3a36d266e313523feb9146c56df6
- SHA1
  
  094ef8de8465d13ea82a0f9daf13474f4f11bc17
- SHA256
  
  721a20928239475312d70ee30d402768348d81e72f67363a92e34ed087a545e7
- SHA512
  
  32c83ba930b1d6b3d88f4306f28acf0303694d6f995574d5b7201855fb3f5e275c3cd47408959ab2c70259fe4595f2ac2774fcc95f311dfbc30d64a872a968bd
- SSDEEP
  
  49152:AB0vmtT5qmRdVuL9rNM9xz4mA6JMk1Y0/GiII:A2WYmRdVuLRNIfMk14I
Score

10^/10

risepro discovery evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodiscoveryevasionstealer

behavioral2

riseprodiscoveryevasionstealer