a8f56c9ee72b1e136e9fba2e0641dee5651cf6eb30af74cc840e23aa24951c74 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rise_selfbot.exe
Size

63.7MB
Sample

230411-csbl6sbe5y
MD5

e52fd5fb999d92ff0e1113551d7d64f5
SHA1

5c2c8d3ee2bb6db37bf1af2ed26a200aa1ba24c7
SHA256

a8f56c9ee72b1e136e9fba2e0641dee5651cf6eb30af74cc840e23aa24951c74
SHA512

410885a11d534e22e7e7f576819389d7bec71d372a92e88d857c2af393720638c009a16c2648e96b078f614a73f7027778d81d8b058904415a56fb7244723b5d
SSDEEP

786432:fMguj8Q4VfvjqFTrYYRWspoQ/ogKEFDAXEk9cqmDAtYht32VrW2/2T:fiAQIHjkHd4sSdgKkFkS8tYve62/2T

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Rise_selfbot.exe
- Size
  
  63.7MB
- MD5
  
  e52fd5fb999d92ff0e1113551d7d64f5
- SHA1
  
  5c2c8d3ee2bb6db37bf1af2ed26a200aa1ba24c7
- SHA256
  
  a8f56c9ee72b1e136e9fba2e0641dee5651cf6eb30af74cc840e23aa24951c74
- SHA512
  
  410885a11d534e22e7e7f576819389d7bec71d372a92e88d857c2af393720638c009a16c2648e96b078f614a73f7027778d81d8b058904415a56fb7244723b5d
- SSDEEP
  
  786432:fMguj8Q4VfvjqFTrYYRWspoQ/ogKEFDAXEk9cqmDAtYht32VrW2/2T:fiAQIHjkHd4sSdgKkFkS8tYve62/2T
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2