General

  • Target

    f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18.exe

  • Size

    4.0MB

  • Sample

    250318-lx4m7aztay

  • MD5

    5fe48966c2f11e09fd518e77118d6b1e

  • SHA1

    71ac5d567f1485454b0a3b04cece2d40cf8c0fa0

  • SHA256

    f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18

  • SHA512

    392f086ce8eebaa66896a81b3795543f57086142d880f426b97240d106f8e4501222fb0725038750d70ce8d0e810d82c1048f2f761212b13cdbc632d4a7b4575

  • SSDEEP

    98304:R+++MEQcFUcyrwHeeLn/I9QJo+W9NKdj5tskdoNr+OqWl:sMN9MeeLn/hJoZNKLtskdoNr+Za

Malware Config

Extracted

Family

risepro

C2

193.233.132.47:50500

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks