risepro | b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68 | Triage

Submit
Reports

Overview

overview

Static

static

3

b72487b4bf...68.exe

windows7-x64

b72487b4bf...68.exe

windows10-2004-x64

Sharing

General

Target

b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe
Size

2.2MB
Sample

250318-jel93sw1ds
MD5

65324661eadd4459ede78e55217111c3
SHA1

f1bf71b3528f870d98c6a96e355a9ce231fc8990
SHA256

b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68
SHA512

7a16d5a094be4f4fe05999bafb653703adc938961ba24aef186ca3e6ead4ad4c596ac26a650a8fea178f2306e09c9e75f9837a365d602fb0d1af2f8ae012d09f
SSDEEP

49152:NiMw8bdotEXsA18SeqUZz3JBFwWIcA0lOkUr1WTascH2SE7Vq:NiIbdyEXh1peP3JBFwgA0R6wNcH2SJ

Score

10^/10

risepro defense_evasion discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe

Resource

win7-20240903-en

risepro defense_evasion discovery stealer

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe

Resource

win10v2004-20250314-en

risepro defense_evasion discovery stealer

windows10-2004-x64

8 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

- Target
  
  b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe
- Size
  
  2.2MB
- MD5
  
  65324661eadd4459ede78e55217111c3
- SHA1
  
  f1bf71b3528f870d98c6a96e355a9ce231fc8990
- SHA256
  
  b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68
- SHA512
  
  7a16d5a094be4f4fe05999bafb653703adc938961ba24aef186ca3e6ead4ad4c596ac26a650a8fea178f2306e09c9e75f9837a365d602fb0d1af2f8ae012d09f
- SSDEEP
  
  49152:NiMw8bdotEXsA18SeqUZz3JBFwWIcA0lOkUr1WTascH2SE7Vq:NiIbdyEXh1peP3JBFwgA0R6wNcH2SJ
Score

10^/10

risepro defense_evasion discovery stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  defense_evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealer

behavioral2

riseprodefense_evasiondiscoverystealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.