General

  • Target

    da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe

  • Size

    2.2MB

  • Sample

    250318-k3cwzsyvgv

  • MD5

    dee688451dfcd52d620e8c8201a7a5bc

  • SHA1

    4f798d70892251af7c0e31ca56f79abd7252ceff

  • SHA256

    da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff

  • SHA512

    ac17271ba35741b93486a4f7492738e3742dc8308b63b7af0ec6c484c7b5ba1dca346c05e0e907a417553f0a7b8a3137d2b1fe3f79b85b4549a2d6f897c88a33

  • SSDEEP

    49152:oSUl6vD5DxN6HHLJ9tLb69B7Bz6rmPxwg9c7SEDkVz1ZYL+sZL:oSSwD5Dxk56j7B2rmPxwXXDkVzUnL

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe

    • Size

      2.2MB

    • MD5

      dee688451dfcd52d620e8c8201a7a5bc

    • SHA1

      4f798d70892251af7c0e31ca56f79abd7252ceff

    • SHA256

      da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff

    • SHA512

      ac17271ba35741b93486a4f7492738e3742dc8308b63b7af0ec6c484c7b5ba1dca346c05e0e907a417553f0a7b8a3137d2b1fe3f79b85b4549a2d6f897c88a33

    • SSDEEP

      49152:oSUl6vD5DxN6HHLJ9tLb69B7Bz6rmPxwg9c7SEDkVz1ZYL+sZL:oSSwD5Dxk56j7B2rmPxwXXDkVzUnL

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks