General

  • Target: ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
  • Size: 2.4MB
  • Sample: 250318-kffpcs1py3
  • MD5: 4a36fa7c0ccbc6842c541a6439ab545a
  • SHA1: 9257009dd59ac4db2518293bcd46be058d937284
  • SHA256: ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
  • SHA512: 13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
  • SSDEEP: 49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW

Malware Config

Extracted

  • Family: risepro
  • C2: 193.233.132.253:50500

Targets

    • Target: ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
    • Size: 2.4MB
    • MD5: 4a36fa7c0ccbc6842c541a6439ab545a
    • SHA1: 9257009dd59ac4db2518293bcd46be058d937284
    • SHA256: ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
    • SHA512: 13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
    • SSDEEP: 49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
