General

  • Target

    f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe

  • Size

    2.2MB

  • Sample

    250318-l79xyszvgz

  • MD5

    685b3fe3cadb30d9b4a70689c13b7aa8

  • SHA1

    50c048e1304a634dc5a293d3b37499516fc646d3

  • SHA256

    f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580

  • SHA512

    3cb32ce1809fddd56240d387d249ad261233136589b8458ebe292fa9ecc63d59e09351958d95af278a43f570f63bc91cfe7603ba061b915b21d17618ea98d91e

  • SSDEEP

    49152:bSUl6vD5DxN6HHLJ9tuk1rX4XqjgoF0qe0J+jgKXM:bSSwD5Dxk3X4Xq30qe0J+jgj

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • Target

      f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe

    • Size

      2.2MB

    • RisePro

      RisePro is an information stealer that has been distributed by the PrivateLoader pay-per-install service.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings stored in the registry frequently identify a hypervisor or sandbox, so malware reads them to decide whether it is being analysed.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class stops a debugger from receiving events for that thread, a common anti-debugging technique.
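The indicators in this report (the extracted C2 and the three registry-based anti-sandbox checks) are the pieces a detection engineer turns into rules. The following Python is an added example, not part of the sandbox report or of any RisePro analysis: it runs constructed Sysmon-style log lines through matchers built from those indicators. The registry paths it uses are assumptions: they are the locations these signature names conventionally refer to (the VirtualBox ACPI tables, the System/Video BIOS version values under HARDWARE\DESCRIPTION\System, the Software\Wine user key); the report names the technique, not the exact keys this sample queried.

```python
"""Added example, not part of the sandbox report: turn the indicators above
(the RisePro C2 and the three anti-sandbox registry checks) into detection
logic and run it over constructed Sysmon-style log lines.

Assumption: the registry paths below are the locations these signature
names conventionally refer to (VirtualBox ACPI tables, System/Video BIOS
version values, the Wine user hive); the report names the technique, not
the exact keys this sample queried.
"""
import re
from collections import defaultdict

# C2 from the "Malware Config" section of the report.
RISEPRO_C2 = {("147.45.47.93", 58709)}

# Assumed registry locations behind each signature name.
ANTI_SANDBOX_PATTERNS = {
    "Identifies VirtualBox via ACPI registry values":
        re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry":
        re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion$", re.I),
    "Identifies Wine through registry keys":
        re.compile(r"\\Software\\Wine(\\|$)", re.I),
}

# Constructed log format: space-separated Key="value" pairs per event.
FIELD = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse one Key="value" record into a dict."""
    return dict(FIELD.findall(line))


def classify(lines):
    """Map each image to the set of report indicators its events matched.

    EventID 12/13 are Sysmon registry key/value events (TargetObject holds
    the path); EventID 3 is a network connection (DestinationIp/Port).
    """
    hits = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "<unknown>")
        if eid in ("12", "13"):
            target = ev.get("TargetObject", "")
            for name, pattern in ANTI_SANDBOX_PATTERNS.items():
                if pattern.search(target):
                    hits[image].add(name)
        elif eid == "3":
            dst = (ev.get("DestinationIp", ""), int(ev.get("DestinationPort", 0)))
            if dst in RISEPRO_C2:
                hits[image].add("Connects to RisePro C2 %s:%d" % dst)
    return dict(hits)


def anti_sandbox_count(hits, image):
    """Number of distinct anti-sandbox signatures seen for one image."""
    return sum(1 for name in hits.get(image, ()) if name in ANTI_SANDBOX_PATTERNS)


SAMPLE = "C:\\Users\\user\\Desktop\\f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe"

# Constructed sample log lines (SID included); not captured from the real sample.
SAMPLE_LOG = [
    f'EventID="13" Image="{SAMPLE}" TargetObject="HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"',
    f'EventID="13" Image="{SAMPLE}" TargetObject="HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion"',
    f'EventID="12" Image="{SAMPLE}" TargetObject="HKU\\S-1-5-21-1004336348-1177238915-682003330-1001\\Software\\Wine"',
    f'EventID="3" Image="{SAMPLE}" DestinationIp="147.45.47.93" DestinationPort="58709"',
    # Benign noise that must not match.
    'EventID="13" Image="C:\\Windows\\explorer.exe" TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"',
    'EventID="3" Image="C:\\Windows\\System32\\svchost.exe" DestinationIp="8.8.8.8" DestinationPort="53"',
]

if __name__ == "__main__":
    for image, names in classify(SAMPLE_LOG).items():
        print(image)
        for name in sorted(names):
            print("  -", name)
```

A single BIOS-version read is noisy on its own (inventory agents and installers read the same values), so alert on the C2 match, or on several anti-sandbox signatures from one image, rather than on any one registry read.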

MITRE ATT&CK Enterprise v15

Tasks