Overview

overview

10

Static

static

10

2880-0-0x0...ry.exe

windows7-x64

2880-0-0x0...ry.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2880-0-0x0000000000380000-0x0000000000AD7000-memory.dmp

  • Size

    7.3MB

  • MD5

    a11a4dc9218d3d7be8d5f31c81616829

  • SHA1

    c8941ecd049302e087aa898f11bfc909cc38ee02

  • SHA256

    9c2fc4c6638e486e8319943aedb2b16d9bf531587b2e6255f3c2ec662fece800

  • SHA512

    60ede95249336fd6b00bb20589a66d634c80b25dbbd7fb57d81bff2ddbe102f58fa46c8c5a7275651a6ffa777fb69141bba3f5fd7dcf332f29561f2d9b181d4d

  • SSDEEP

    196608:+WGAGbYd5MTtfj3NMS75g1Umv3oLCIHJC5K3e9N+8Wf:sbY3MTtbNMS7jlLTJC3E1

Score
10/10
vmprotectprivateloaderrisepro

Malware Config

Extracted

Family

risepro

C2

194.169.175.123

Signatures

  • Privateloader family
    privateloader
  • Risepro family
    risepro
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2880-0-0x0000000000380000-0x0000000000AD7000-memory.dmp
    .exe windows:6 windows x86


    Headers

    Sections