Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

0x00080000...26.exe

windows7-x64

10

0x00080000...26.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0008000000022cc9-26.dat

  • Size

    1.5MB

  • Sample

    231126-hfdtnafd8w

  • MD5

    e29cd4bb94b479ca28d74b5469fbcd87

  • SHA1

    14147636de14b04c9a5e5d23d97654cdf8622c72

  • SHA256

    1c18920b41514314b75dd6baf708974a26d03f424b501d8ca6a31dc000b0c8f7

  • SHA512

    3ee95b030613071646925515836c0396d4b06b9ad1ac137815b16dc7eeed869a408f2c3fcc57af99a6f0e147f286b4011b322f8d5263f389b8ba5bfad44b5c32

  • SSDEEP

    24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WoI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTP

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      0x0008000000022cc9-26.dat

    • Size

      1.5MB

    • MD5

      e29cd4bb94b479ca28d74b5469fbcd87

    • SHA1

      14147636de14b04c9a5e5d23d97654cdf8622c72

    • SHA256

      1c18920b41514314b75dd6baf708974a26d03f424b501d8ca6a31dc000b0c8f7

    • SHA512

      3ee95b030613071646925515836c0396d4b06b9ad1ac137815b16dc7eeed869a408f2c3fcc57af99a6f0e147f286b4011b322f8d5263f389b8ba5bfad44b5c32

    • SSDEEP

      24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WoI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTP

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks