risepro | 9cd46c928c7282585609a42b92f57089275093382cb60fd2657e2b2e9db21291 | Triage

Sharing

General

Target

0e3b778b34fe8fd7c9a03bad51f56870N.exe
Size

2.4MB
Sample

240819-r8g68aterm
MD5

0e3b778b34fe8fd7c9a03bad51f56870
SHA1

7fce5e78868bc5470653d93a183bccdfdd638f4e
SHA256

9cd46c928c7282585609a42b92f57089275093382cb60fd2657e2b2e9db21291
SHA512

3b402720e6e41779ae55696fbb8d43cc0edbf43108683057fd5c4b3c6ce68a8925792f6c789c8189037fbf3413e0ecae7d2db8792b57f06f61490a024a28ceb3
SSDEEP

49152:LVNy6AznyWSd3tYHxRMJiHDmYH+Hk7NeXibmixFcHF3S:LVobnDSd9ynCJTk7NeSbm3

Score

10^/10

risepro discovery evasion stealer

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  0e3b778b34fe8fd7c9a03bad51f56870N.exe
- Size
  
  2.4MB
- MD5
  
  0e3b778b34fe8fd7c9a03bad51f56870
- SHA1
  
  7fce5e78868bc5470653d93a183bccdfdd638f4e
- SHA256
  
  9cd46c928c7282585609a42b92f57089275093382cb60fd2657e2b2e9db21291
- SHA512
  
  3b402720e6e41779ae55696fbb8d43cc0edbf43108683057fd5c4b3c6ce68a8925792f6c789c8189037fbf3413e0ecae7d2db8792b57f06f61490a024a28ceb3
- SSDEEP
  
  49152:LVNy6AznyWSd3tYHxRMJiHDmYH+Hk7NeXibmixFcHF3S:LVobnDSd9ynCJTk7NeSbm3
Score

10^/10

risepro discovery evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodiscoveryevasionstealer

behavioral2

riseprodiscoveryevasionstealer