risepro | 90d5d95b3abb09600ea39b9a58968705967cf7747dd18208fb8220c249002725 | Triage

Submit
Reports

Overview

overview

Static

static

7

vxvault.net_0.exe

windows7-x64

vxvault.net_0.exe

windows10-2004-x64

vxvault.net_0.exe

windows11-21h2-x64

Sharing

General

Target

vxvault.net_0.exe
Size

2.7MB
Sample

240915-xl1b6sxhkf
MD5

d6d04c68b02e6fe72a3ed55ebd36bff0
SHA1

ebf3917deb2d30f95ffedd89bdff3adbc85d74bb
SHA256

90d5d95b3abb09600ea39b9a58968705967cf7747dd18208fb8220c249002725
SHA512

d640502f3e0bbc941c2082f3ebfa805dea8a4d5007b724544c2d7f7af9c96bb766f8e28ce3654adbf273b22c0d54c5e3d241257c4a2936ef781ef2ae9e6ece66
SSDEEP

49152:7RpKlE0flBGyaS+vo+O8KYv5KLSlXIH4lHW5ubiug0+v3N8G:lSBGyaRvog4LSlE4euby9d

Score

10^/10

risepro discovery evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

vxvault.net_0.exe

Resource

win7-20240903-en

risepro discovery evasion stealer themida trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

vxvault.net_0.exe

Resource

win10v2004-20240802-en

risepro discovery evasion stealer themida trojan

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral3

Sample

vxvault.net_0.exe

Resource

win11-20240802-en

risepro discovery evasion stealer themida trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.226:50500

Targets

- Target
  
  vxvault.net_0.exe
- Size
  
  2.7MB
- MD5
  
  d6d04c68b02e6fe72a3ed55ebd36bff0
- SHA1
  
  ebf3917deb2d30f95ffedd89bdff3adbc85d74bb
- SHA256
  
  90d5d95b3abb09600ea39b9a58968705967cf7747dd18208fb8220c249002725
- SHA512
  
  d640502f3e0bbc941c2082f3ebfa805dea8a4d5007b724544c2d7f7af9c96bb766f8e28ce3654adbf273b22c0d54c5e3d241257c4a2936ef781ef2ae9e6ece66
- SSDEEP
  
  49152:7RpKlE0flBGyaS+vo+O8KYv5KLSlXIH4lHW5ubiug0+v3N8G:lSBGyaRvog4LSlE4euby9d
Score

10^/10

risepro discovery evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodiscoveryevasionstealerthemidatrojan

behavioral2

riseprodiscoveryevasionstealerthemidatrojan

behavioral3

riseprodiscoveryevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy