General

  • Target

    fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef.exe

  • Size

    3.4MB

  • Sample

    240731-cg69ps1dpl

  • MD5

    08babe47a702361d04e2ada7c02b00cd

  • SHA1

    f2b3d863dfd2046acda704948c5f1402abefe66c

  • SHA256

    fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef

  • SHA512

    f5af9a0fdd9c44c8d18435348942d0138fb34875d1038f15623fbdbebe95d5f87485d8c31abbcacf939f198091adcf70b180a3388154afebec67bd5e1b50ff5f

  • SSDEEP

    49152:6tKSwRhZ2eDztBs9LE1zsvDc3aRtT/coRAmpsMQHBaGxx9EfaaIPl9PVnZbZWhzc:xR1W9ozScacvdx/aIXPVnZCKwrb+

Malware Config

  • Extracted

  • Family

    risepro

  • C2

    194.110.13.70

    147.45.47.169

Targets

    • Target

      fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef.exe

    • Size

      3.4MB

    • MD5

      08babe47a702361d04e2ada7c02b00cd

    • SHA1

      f2b3d863dfd2046acda704948c5f1402abefe66c

    • SHA256

      fdf378efa5749387f813c8a3de2d1e964a9eda5a509cf5c4996980d7af5badef

    • SHA512

      f5af9a0fdd9c44c8d18435348942d0138fb34875d1038f15623fbdbebe95d5f87485d8c31abbcacf939f198091adcf70b180a3388154afebec67bd5e1b50ff5f

    • SSDEEP

      49152:6tKSwRhZ2eDztBs9LE1zsvDc3aRtT/coRAmpsMQHBaGxx9EfaaIPl9PVnZbZWhzc:xR1W9ozScacvdx/aIXPVnZCKwrb+

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Drops startup file

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks