General

  • Target: 00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe
  • Size: 2.3MB
  • Sample: 250318-1djw1a1rx9
  • MD5: f2598274439c3db1ee095a82ee6f0971
  • SHA1: 64f8ce6db7eba1378364a390be024a418b24e74f
  • SHA256: 00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46
  • SHA512: 40f9419d63d4ec3264d1dcc3baea5f959b5d295633a9856c63912669e09e682d1c6fddc40c8bfb88762e57824c4f5c3783554bda234de89e43f40122830465f8
  • SSDEEP: 49152:mGHMf+Ns38A7KxCB/l9Xv9obM27oZVehCpNtBWbYz5gVmdi:mRfhMAWcB/D9MML3ehCpnMEFgVui

Malware Config

Extracted

  • Family: risepro
  • C2: 147.45.47.126:58709

Targets

    • Target: 00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe (hashes as listed under General above)

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15
