General
Target: Riseinstaller.zip
Size: 20.1MB
Sample: 240428-t3lcssbh38
MD5: f62ad87c92cb19928da364ecc744bfcd
SHA1: f4458e44dc244ab051d09311e1dbb9e29d58a42b
SHA256: 75538b5146169c7ec795100e43b5f7b3e3fd32d8abf5a86b8ecb14a415f1f979
SHA512: adb0a79dedf1354b96a1c6b8c2c251518d9298475fa4336477494fc105f4b37bc2764bd72c5ea3608b2b97a7cbb75c0bd319788d78d53d4e78aa1c356003f5a7
SSDEEP: 393216:MVWseIsxdLo7nZ+5AzGdtUCsdolWllWkBbgrpLoDnMRHpa3vMH0T:qW0sxd87n4l3UCsKlcWkBgrsnOJcvMHA
Behavioral task: behavioral1
Sample: Rise installer.exe
Resource: win7-20240419-en
Malware Config
Targets
Target: Rise installer.exe
Size: 20.4MB
MD5: 856459997fb96b62ef09c90e4769d7e1
SHA1: d28447c5a7fe075bc60865ea136d4ea78ed81f00
SHA256: b37b9294b5fa79b355bc2df0c79e1e9a6e53a7e043e626b8703074009542f26d
SHA512: 7d8afd31b5392bd1eacd0b5a92e3a16ede4bce53bf4d0836eb63bb657f05ebfa129369ad0e40a2843fccf956257b02e40f4e79c8724d8a4343388a30c2c43ab7
SSDEEP: 393216:wEkZQtsukT+X0P8AxYDX1+TtIiFqCuARuAQhFXmbrr7PzWF56uA:whQtsX6XX71QtI1CuAgh8rXCL6uA
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.