General
-
Target
file.exe
-
Size
3.4MB
-
Sample
240730-qhsdts1akq
-
MD5
08babe47a702361d04e2ada7c02b00cd
-
SHA1
f2b3d863dfd2046acda704948c5f1402abefe66c
-
SHA256
fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef
-
SHA512
f5af9a0fdd9c44c8d18435348942d0138fb34875d1038f15623fbdbebe95d5f87485d8c31abbcacf939f198091adcf70b180a3388154afebec67bd5e1b50ff5f
-
SSDEEP
49152:6tKSwRhZ2eDztBs9LE1zsvDc3aRtT/coRAmpsMQHBaGxx9EfaaIPl9PVnZbZWhzc:xR1W9ozScacvdx/aIXPVnZCKwrb+
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
risepro
147.45.47.169
194.110.13.70
Targets
-
-
Target
file.exe
-
Size
3.4MB
-
MD5
08babe47a702361d04e2ada7c02b00cd
-
SHA1
f2b3d863dfd2046acda704948c5f1402abefe66c
-
SHA256
fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef
-
SHA512
f5af9a0fdd9c44c8d18435348942d0138fb34875d1038f15623fbdbebe95d5f87485d8c31abbcacf939f198091adcf70b180a3388154afebec67bd5e1b50ff5f
-
SSDEEP
49152:6tKSwRhZ2eDztBs9LE1zsvDc3aRtT/coRAmpsMQHBaGxx9EfaaIPl9PVnZbZWhzc:xR1W9ozScacvdx/aIXPVnZCKwrb+
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1