General

  • Target

    0x0008000000022e09-27.dat

  • Size

    1.5MB

  • Sample

    231126-1bwg1scd73

  • MD5

    b8bf3d5f6baca39b37ec61d9f26ecdf3

  • SHA1

    18ff98716ae93d64554045410a9e4a4592d30723

  • SHA256

    7c43d4801a46954f1aad314a1610f006e1614676f6eec7d2c48322335486a2c8

  • SHA512

    cd34fed5ded0265890cfccd18ee249febf0d63ce633ef2a816b2ae5cd64ba9b2a661554b75ae9cfee84597a6343c74d278626607c017ccdfacea4587a9681012

  • SSDEEP

    24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WoI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTP

Malware Config

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15