General

  • Target

    fb4fc52edce60144470de15c05641f07ceccce38c7cf668f76d7f8260f4fe94f.exe

  • Size

    2.2MB

  • Sample

    250318-l913tszwb1

  • MD5

    61d748efcfca4df87cb46e45dd9f8bae

  • SHA1

    6b93f5a69750ac8e7579141acac5a38ed9e2c86b

  • SHA256

    fb4fc52edce60144470de15c05641f07ceccce38c7cf668f76d7f8260f4fe94f

  • SHA512

    003f18014770a6689ef49c4a6d7ea03fe570838f2bc394685fe6157985884d99798304b7b8b1c367651f63fbfbc39fed8b691b7a8453a5f0751e66d3ddf12c95

  • SSDEEP

    49152:dgwSFxJGGWx8tUzPEG/K2PQT4z0/WgOcUqZLpFtJgUJ:dhSF74eGEmKNfROcPDH

Malware Config

Extracted

Family

risepro

C2

193.233.132.74:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks