privateloader | 6fc551a2e16a15b77aff3fd110813b169c1d6c302d02c7746998ac937dcb8b34 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc551a2e16a15b77aff3fd110813b169c1d6c302d02c7746998ac937dcb8b34
Size

1.5MB
Sample

231127-pxe7dage43
MD5

b1d49dd0b0f6f210d620914b893de65c
SHA1

66bbcce9831367b42fd70b928bd5e4716c376333
SHA256

6fc551a2e16a15b77aff3fd110813b169c1d6c302d02c7746998ac937dcb8b34
SHA512

d6cfef45de22b0cc8898cdbef9f521b36029361fc5604780a255f04dc77361981e35f4c83980dde44951ffb75fa27336f8c9434f5873817790723e5937335750
SSDEEP

24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WNI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTy

Score

10^/10

privateloader risepro persistence

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

- Target
  
  6fc551a2e16a15b77aff3fd110813b169c1d6c302d02c7746998ac937dcb8b34
- Size
  
  1.5MB
- MD5
  
  b1d49dd0b0f6f210d620914b893de65c
- SHA1
  
  66bbcce9831367b42fd70b928bd5e4716c376333
- SHA256
  
  6fc551a2e16a15b77aff3fd110813b169c1d6c302d02c7746998ac937dcb8b34
- SHA512
  
  d6cfef45de22b0cc8898cdbef9f521b36029361fc5604780a255f04dc77361981e35f4c83980dde44951ffb75fa27336f8c9434f5873817790723e5937335750
- SSDEEP
  
  24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WNI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTy
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

privateloaderrisepro

behavioral1