Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2a1aa7c9939633566c1449fd70c8f452ac60ad28f4e17bbd303f952b11ef5ca

  • Size

    1.9MB

  • Sample

    231129-krxr1sfb74

  • MD5

    9dadcb36329348c3632e89418947df14

  • SHA1

    a7af32599c5a3bdb838117b6fa6083f495dcfc9c

  • SHA256

    a2a1aa7c9939633566c1449fd70c8f452ac60ad28f4e17bbd303f952b11ef5ca

  • SHA512

    327355722c6adfe9ee50da10432a96c8291261e779580208be1c246189d79e92805ced326c1c4a5d587fccd01d84b0bead6fb7c9696f75d37a1b081c8fd51373

  • SSDEEP

    49152:xiht3UV4R4q3XT8xn+ENcvrUI3qwIRCNyoEn8zIJ2wPD5:8f3UV4RPN5qwf28zg2o

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      a2a1aa7c9939633566c1449fd70c8f452ac60ad28f4e17bbd303f952b11ef5ca

    • Size

      1.9MB

    • MD5

      9dadcb36329348c3632e89418947df14

    • SHA1

      a7af32599c5a3bdb838117b6fa6083f495dcfc9c

    • SHA256

      a2a1aa7c9939633566c1449fd70c8f452ac60ad28f4e17bbd303f952b11ef5ca

    • SHA512

      327355722c6adfe9ee50da10432a96c8291261e779580208be1c246189d79e92805ced326c1c4a5d587fccd01d84b0bead6fb7c9696f75d37a1b081c8fd51373

    • SSDEEP

      49152:xiht3UV4R4q3XT8xn+ENcvrUI3qwIRCNyoEn8zIJ2wPD5:8f3UV4RPN5qwf28zg2o

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks