General

  • Target

    b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe

  • Size

    2.2MB

  • Sample

    250318-jel93sw1ds

  • MD5

    65324661eadd4459ede78e55217111c3

  • SHA1

    f1bf71b3528f870d98c6a96e355a9ce231fc8990

  • SHA256

    b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68

  • SHA512

    7a16d5a094be4f4fe05999bafb653703adc938961ba24aef186ca3e6ead4ad4c596ac26a650a8fea178f2306e09c9e75f9837a365d602fb0d1af2f8ae012d09f

  • SSDEEP

    49152:NiMw8bdotEXsA18SeqUZz3JBFwWIcA0lOkUr1WTascH2SE7Vq:NiIbdyEXh1peP3JBFwgA0R6wNcH2SJ

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

    • Target

      b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe

    • Size

      2.2MB

    • MD5

      65324661eadd4459ede78e55217111c3

    • SHA1

      f1bf71b3528f870d98c6a96e355a9ce231fc8990

    • SHA256

      b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68

    • SHA512

      7a16d5a094be4f4fe05999bafb653703adc938961ba24aef186ca3e6ead4ad4c596ac26a650a8fea178f2306e09c9e75f9837a365d602fb0d1af2f8ae012d09f

    • SSDEEP

      49152:NiMw8bdotEXsA18SeqUZz3JBFwWIcA0lOkUr1WTascH2SE7Vq:NiIbdyEXh1peP3JBFwgA0R6wNcH2SJ

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
