privateloader | 2776-3-0x0000000000400000-0x0000000000547000-memory[.]dmp | Triage

Sharing

General

Target

2776-3-0x0000000000400000-0x0000000000547000-memory.dmp
Size

1.3MB
MD5

a648530ea73a5e34999ed054c4b8630a
SHA1

2e08620a71d12f9321bd400cbbd671d66e78fe6c
SHA256

1fa2dc14e62e1dabe682f13a1f84d6e3bcb137964eaa0cfc2f1f06fabc00ea88
SHA512

12de9bc071e237368dbe4d615ddca5bb3d984e874910fce5a283f178972e5c20daded890a795bc43e14bf5fbac3f7588c39d5caec6640db9770ad6c4cd0fd9ba
SSDEEP

24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJGr:8dw/IyPxbgp2iB1Pju3TOr

Score

10^/10

privateloader risepro

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Signatures

Privateloader family
privateloader
Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2776-3-0x0000000000400000-0x0000000000547000-memory.dmp

Files

2776-3-0x0000000000400000-0x0000000000547000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ