Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1e0edee82e5c6001c7477c88533f73f26964fff8cd4ff7822822a5788ee7efd

  • Size

    1.9MB

  • Sample

    231129-h6zttaeh26

  • MD5

    86e822cb5f5c32949e4bb5efe9f64190

  • SHA1

    b9617c037576e4fae89e0152d39d3b26fea68012

  • SHA256

    e1e0edee82e5c6001c7477c88533f73f26964fff8cd4ff7822822a5788ee7efd

  • SHA512

    5536f9ebe7477bc8a21a56b3d2cd4d438cd454f42957b8e312905bf4f80968d5bb6d78567d56c75f206018c75ae1ec5a598ab8e934ca8339f268393bbf6c2710

  • SSDEEP

    49152:CSNarceycidJa3Jyl4XldfYyv1/xZjGSipYJ5C+:JeycidJa5RfZjnR5

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      e1e0edee82e5c6001c7477c88533f73f26964fff8cd4ff7822822a5788ee7efd

    • Size

      1.9MB

    • MD5

      86e822cb5f5c32949e4bb5efe9f64190

    • SHA1

      b9617c037576e4fae89e0152d39d3b26fea68012

    • SHA256

      e1e0edee82e5c6001c7477c88533f73f26964fff8cd4ff7822822a5788ee7efd

    • SHA512

      5536f9ebe7477bc8a21a56b3d2cd4d438cd454f42957b8e312905bf4f80968d5bb6d78567d56c75f206018c75ae1ec5a598ab8e934ca8339f268393bbf6c2710

    • SSDEEP

      49152:CSNarceycidJa3Jyl4XldfYyv1/xZjGSipYJ5C+:JeycidJa5RfZjnR5

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks