
General

  • Target

    0x0007000000022dd1-26.dat

  • Size

    1.5MB

  • Sample

    231126-k2jcdagb92

  • MD5

    160385423bd570c6fa08a85120cc54cf

  • SHA1

    b7f74d0e820115ba316cb2d8a47cbf1e236d96c8

  • SHA256

    80b247b52a7e5c83564d96f10e47287f48f196e3fa8b8c7f093a87773f93033b

  • SHA512

    d27b8987110c19e21f18b612a21006c39a1d65f264a43569f712a77a7db51515657398468aa5425dea92e1736578345393b2ebe48e6268fe24e55e92af414969

  • SSDEEP

    24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WoI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTP

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      0x0007000000022dd1-26.dat

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
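
The report above gives file hashes for the dropped sample and one extracted C2 address. An added example (not part of the tria.ge report or of any RisePro tooling) that turns those indicators into a check: it hashes a candidate file with the same three algorithms and compares against the report, and it scans log lines for the extracted C2 address. The log lines are constructed for this example; nothing else about the environment (host names, ports, user names) comes from the report.

```python
import hashlib
import re
import sys

# Indicators copied from the report above: hashes of the dropped file and the extracted RisePro C2.
IOC_HASHES = {
    "md5": "160385423bd570c6fa08a85120cc54cf",
    "sha1": "b7f74d0e820115ba316cb2d8a47cbf1e236d96c8",
    "sha256": "80b247b52a7e5c83564d96f10e47287f48f196e3fa8b8c7f093a87773f93033b",
}
IOC_C2 = {"194.49.94.152"}

# Matches dotted-quad IPv4 addresses; \b keeps "194.49.94.15" from matching inside "194.49.94.152".
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _digests_of_chunks(chunks):
    """Feed an iterable of byte chunks through md5/sha1/sha256 and return hex digests."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Digests of an in-memory buffer (used for small files and for tests)."""
    return _digests_of_chunks([data])


def hash_file(path):
    """Digests of a file on disk, read in 1 MiB chunks so large droppers do not need to fit in RAM."""
    with open(path, "rb") as fh:
        return _digests_of_chunks(iter(lambda: fh.read(1 << 20), b""))


def matches_report_hashes(digests):
    """True if any computed digest equals the corresponding hash listed in the report."""
    return any(digests[name] == IOC_HASHES[name] for name in IOC_HASHES)


def find_c2_hits(log_lines):
    """Return (line_number, ip) for every log line that contains the extracted C2 address."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in IP_RE.findall(line):
            if ip in IOC_C2:
                hits.append((n, ip))
    return hits


# Constructed sample firewall/proxy lines (not from the report); line 2 contacts the C2,
# line 3 is a near-miss address that must not match.
SAMPLE_LOG = [
    "2023-11-26 09:01:12 host1 proxy: CONNECT 142.250.74.110:443 user=alice",
    "2023-11-26 09:01:40 host1 fw: ALLOW tcp 10.0.0.5:49152 -> 194.49.94.152:443",
    "2023-11-26 09:02:03 host1 fw: ALLOW tcp 10.0.0.5:49153 -> 194.49.94.15:443",
]


if __name__ == "__main__":
    # Usage: python check_iocs.py <file-to-check> [logfile]
    if len(sys.argv) > 1:
        d = hash_file(sys.argv[1])
        print("hash match:", matches_report_hashes(d), d["sha256"])
    lines = open(sys.argv[2]).read().splitlines() if len(sys.argv) > 2 else SAMPLE_LOG
    for n, ip in find_c2_hits(lines):
        print(f"C2 contact on line {n}: {ip}")
```

The exact-hash check only catches this build of the dropper; the SSDEEP value in the report is what you would use for fuzzy matching against repacked variants (via the `ssdeep` library, not shown here). The C2 check is deliberately strict about word boundaries so that neighbouring addresses in the same /24 do not produce false positives.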
