privateloader | 3044-6-0x0000000000400000-0x0000000000E82000-memory[.]dmp | Triage

Sharing

General

Target

3044-6-0x0000000000400000-0x0000000000E82000-memory.dmp
Size

10.5MB
MD5

3c4e9e178b5eb4ab538e3dd4ba97fb0b
SHA1

8446c53676496c60b75b2521d9a13e5395376281
SHA256

6a3b6f0ebcb7567d1a071f9065b3753bbad1670d9ff9ae1550002936087d0049
SHA512

509a5badbe473a7ae3793ca18447f51d7d822bcb350d37a0cd24cfb3e0bc4b20272856d9ef7e7c9141dfa348381af7a94a6cb9098e2f6bf08f597454c5bfea65
SSDEEP

196608:dmwSbbYbp1n2xWIlRH5hAELO8T+txQbJseoOrV6/4kwyZhtcEtiCB:wbsJGFlRH5WELOyWxQbJsvOrV6/t8ei6

Score

10^/10

privateloader risepro

Malware Config

Extracted

Family

risepro

C2

185.216.70.222

Signatures

Privateloader family
privateloader
Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3044-6-0x0000000000400000-0x0000000000E82000-memory.dmp

Files

3044-6-0x0000000000400000-0x0000000000E82000-memory.dmp
.exe windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ