General

  • Target

    a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858.exe

  • Size

    3.3MB

  • Sample

    250318-hvmecazmv2

  • MD5

    d5a654fb53d2bd2d39840e81f7725bf9

  • SHA1

    49e0cceac03cf02564ae0100c0b5b98e36555f10

  • SHA256

    a84bfb4e378224cce70975bcfc0e3dd82ee09fc107d8e1f697ec99bf4e778858

  • SHA512

    0eed8c1ae671c0b954a9a3fc37f98140db19a537881a0ac2437dc9e3b091cb31f0bf34f137f55fc6a830d64014c7914cc37a281ef0df012344c419d3e25e9ca3

  • SSDEEP

    98304:FvRJedU3DGLDZUEi/pQoTFYYoPRmxxWmPH:FvIgDGHvUbTfoYOmv

Malware Config

Extracted

  • Family

    risepro

  • C2

    5.42.65.117:50500

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
