General

  • Target

    0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2

  • Size

    4.6MB

  • Sample

    240801-2ewgvszbkp

  • MD5

    9f94ba372ce87a8ec90f0a43b6b9f7b6

  • SHA1

    19777ba5b1006b5906fdccecc079a4d239bed187

  • SHA256

    0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2

  • SHA512

    b11cfad7da0254554524862fdc00baa85ebf7e774fc0eb5e94ca70838dda2339231daef65e7cbce56283ca30888e9dd2239a205da1f0b11672aeedd442b5ff44

  • SSDEEP

    98304:MSyPy1mHB7Dt4i2bXcFTe24oFX/wJO4wHkUmRKlDfO15IZ0:MSCyUHVii2bXkT5Za5RKlDfO1qZ0

Malware Config

Extracted

Family

risepro

C2

194.110.13.70

147.45.47.169
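The hashes and C2 addresses above are the indicators an analyst would sweep for. The following is an added example (not part of the sandbox report or of any tool it names) that turns them into a small IOC matcher: it digests a file with every algorithm the report lists, compares case-insensitively, and scans log lines for the sample's hashes and the two RisePro C2 addresses. The log lines at the bottom are constructed for illustration; only the digests and IP addresses come from the report.

```python
"""IOC sweep built from the indicators in this report.

Added example; not part of the sandbox report or of any tooling it names.
Hashes and C2 addresses are the report's; the log lines are constructed.
"""
import hashlib
import ipaddress
import re

# File hashes of the sample, taken from the report (kept lowercase).
SAMPLE_HASHES = {
    "md5": "9f94ba372ce87a8ec90f0a43b6b9f7b6",
    "sha1": "19777ba5b1006b5906fdccecc079a4d239bed187",
    "sha256": "0203d873e829973442286495a39d5f214af944f8298784a2273e7181e3b281d2",
    "sha512": "b11cfad7da0254554524862fdc00baa85ebf7e774fc0eb5e94ca70838dda2339231daef65e7cbce56283ca30888e9dd2239a205da1f0b11672aeedd442b5ff44",
}
# RisePro C2 addresses extracted by the sandbox.
C2_ADDRESSES = {ipaddress.ip_address(a) for a in ("194.110.13.70", "147.45.47.169")}

# Hex runs of exactly 128/64/40/32 chars; the \b anchors stop a 64-char
# digest from being reported as a 32-char prefix.
HASH_RE = re.compile(r"\b(?:[0-9a-fA-F]{128}|[0-9a-fA-F]{64}|[0-9a-fA-F]{40}|[0-9a-fA-F]{32})\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hash_bytes(data: bytes) -> dict:
    """Digest file contents with every algorithm the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def is_known_sample(hashes: dict) -> bool:
    """True if any supplied digest equals the report's sample.

    Comparison is case-insensitive because EDR exports differ in hex casing.
    """
    return any(
        hashes.get(algo, "").lower() == digest for algo, digest in SAMPLE_HASHES.items()
    )


def scan_line(line: str) -> list:
    """Return IOC hits ('hash:<digest>' / 'c2:<ip>') found in one log line."""
    hits = []
    known = set(SAMPLE_HASHES.values())
    for h in HASH_RE.findall(line):
        if h.lower() in known:
            hits.append("hash:" + h.lower())
    for ip in IPV4_RE.findall(line):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:  # e.g. 999.1.1.1 satisfies the loose regex
            continue
        if addr in C2_ADDRESSES:
            hits.append("c2:" + ip)
    return hits


def sweep(lines) -> dict:
    """Map 1-based line number to its hits, omitting clean lines."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := scan_line(line))}


# Constructed log lines (not from the report): an EDR file event carrying the
# digest in upper case, a firewall allow to a C2 (port is made up), and a
# benign DNS lookup that must not match.
SAMPLE_LOGS = [
    '{"event":"file_create","path":"C:\\\\Users\\\\Public\\\\setup.exe",'
    '"sha256":"0203D873E829973442286495A39D5F214AF944F8298784A2273E7181E3B281D2"}',
    "fw allow src=10.0.0.15:49812 dst=194.110.13.70:443 proto=tcp",
    "fw allow src=10.0.0.15:49813 dst=8.8.8.8:53 proto=udp",
]

if __name__ == "__main__":
    for n, hits in sweep(SAMPLE_LOGS).items():
        print(f"line {n}: {', '.join(hits)}")
```

The SSDEEP value is deliberately left out: fuzzy-hash comparison needs the ssdeep library and a similarity threshold, whereas the cryptographic digests and C2 addresses above are exact-match indicators.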

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings under HKLM\HARDWARE\DESCRIPTION\System are read to detect virtual machines and sandboxes, whose hypervisors leave recognisable manufacturer and version values there.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      The sample is protected with Themida, a commercial Windows protector whose code virtualisation, encryption and anti-debugging checks hinder static analysis; unpack it or analyse it dynamically before disassembly.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from reporting debug events, so an attached debugger loses visibility of it; this is a common anti-debugging step.
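The anti-VM, BIOS, persistence and anti-debugging signatures above are all observable in an API or registry trace. The following is an added example (not the sandbox's own detection logic) that classifies such events into the same four signatures and counts how many distinct signatures each process triggers, so that a benign installer that merely reads BIOS strings scores lower than a process that also hides threads from the debugger and writes a Run key. The registry paths and the ThreadHideFromDebugger class value are documented Windows facts; the CSV event trace and its process names are constructed to exercise the rules.

```python
"""Behavioural triage of the signatures this report raises.

Added example, not the sandbox's own logic. Registry paths and the
ThreadHideFromDebugger class are documented Windows facts; the CSV
event trace below is constructed to exercise them.
"""
import csv
import io
import re

# HKLM\HARDWARE\ACPI\{DSDT,FADT,RSDT}\VBOX__ exist only on VirtualBox guests.
VBOX_ACPI_RE = re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)
# BIOS strings under HKLM\HARDWARE\DESCRIPTION\System expose the hypervisor vendor.
BIOS_RE = re.compile(
    r"\\HARDWARE\\DESCRIPTION\\System\\(?:BIOS\\|SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    re.I,
)
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
# THREADINFOCLASS value of ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11
CLASS_RE = re.compile(r"ThreadInformationClass=(0x[0-9a-f]+|\d+)", re.I)


def classify(event: dict):
    """Return the signature name one trace event triggers, or None."""
    op, path, detail = event["operation"], event["path"], event["detail"]
    if op.startswith("Reg") and VBOX_ACPI_RE.search(path):
        return "anti_vm_virtualbox_acpi"
    if op.startswith("Reg") and BIOS_RE.search(path):
        return "checks_bios_registry"
    if op == "RegSetValue" and RUN_KEY_RE.search(path):  # writes only; reads are benign
        return "adds_run_key"
    if op == "NtSetInformationThread":
        m = CLASS_RE.search(detail)
        if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_thread_from_debugger"
    return None


def triage(csv_text: str) -> dict:
    """Group hits by signature and count distinct signatures per process."""
    signatures, per_process = {}, {}
    for ev in csv.DictReader(io.StringIO(csv_text.strip())):
        sig = classify(ev)
        if sig is None:
            continue
        key = f"{ev['process']}:{ev['pid']}"
        signatures.setdefault(sig, []).append(
            {"process": ev["process"], "pid": ev["pid"], "path": ev["path"]}
        )
        per_process.setdefault(key, set()).add(sig)
    return {
        "signatures": signatures,
        "per_process": {k: len(v) for k, v in per_process.items()},
    }


def suspicious_processes(result: dict, min_signatures: int = 2) -> list:
    """Processes combining several behaviours; a lone BIOS read is too weak."""
    return sorted(k for k, n in result["per_process"].items() if n >= min_signatures)


# Constructed API/registry trace (process names, PIDs and times are made up).
EVENTS_CSV = r"""time,process,pid,operation,path,detail
10:00:01.100,setup.exe,4120,RegOpenKey,HKLM\HARDWARE\ACPI\DSDT\VBOX__,NAME NOT FOUND
10:00:01.102,setup.exe,4120,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion,Type: REG_MULTI_SZ
10:00:01.105,setup.exe,4120,RegQueryValue,HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer,Type: REG_SZ
10:00:01.300,setup.exe,4120,NtSetInformationThread,Thread 4128,ThreadInformationClass=0x11 (ThreadHideFromDebugger)
10:00:02.010,setup.exe,4120,RegSetValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater,Type: REG_SZ Data: C:\Users\Public\updater.exe
10:00:02.500,explorer.exe,1204,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,Type: REG_DWORD
"""

if __name__ == "__main__":
    result = triage(EVENTS_CSV)
    for sig, hits in result["signatures"].items():
        print(f"{sig}: {len(hits)} event(s)")
    print("suspicious:", suspicious_processes(result))
```

Reading BIOS strings on its own is not evidence of malice; hardware inventory and licensing code does it too. The combination of an anti-VM probe, a hidden thread and a new Run key from the same process is what separates this sample's trace from background noise, which is why the scoring counts distinct signatures per process rather than raw event volume.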

MITRE ATT&CK Enterprise v15

Tasks