Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c98667e55e0241bc8475bfdafa7847d1708e3d004d7190fca89fa10fa088123

  • Size

    1.9MB

  • Sample

    231129-l269wafe7y

  • MD5

    d70fee6773a2fef1adcd5b2c92d83c0f

  • SHA1

    e8ecdd408dd72dbd7634e1b9bfeb950ac65e4790

  • SHA256

    4c98667e55e0241bc8475bfdafa7847d1708e3d004d7190fca89fa10fa088123

  • SHA512

    f25a862fdf70ac0d129fc550d8ed09b3dbd446b59b5ae3a95e8fedd28117da4097b38cad28bdb54e26208611f5d87354d55928d055a191db4c6ce8b1f6dc3316

  • SSDEEP

    49152:Yi0m/xKNmT6fM28QSjJrA4gXYbvV4AdIYi5KSLkT767Zb4+TujK:X55KNmT6fM28/19XIYGXgHp+TujK

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      4c98667e55e0241bc8475bfdafa7847d1708e3d004d7190fca89fa10fa088123

    • Size

      1.9MB

    • MD5

      d70fee6773a2fef1adcd5b2c92d83c0f

    • SHA1

      e8ecdd408dd72dbd7634e1b9bfeb950ac65e4790

    • SHA256

      4c98667e55e0241bc8475bfdafa7847d1708e3d004d7190fca89fa10fa088123

    • SHA512

      f25a862fdf70ac0d129fc550d8ed09b3dbd446b59b5ae3a95e8fedd28117da4097b38cad28bdb54e26208611f5d87354d55928d055a191db4c6ce8b1f6dc3316

    • SSDEEP

      49152:Yi0m/xKNmT6fM28QSjJrA4gXYbvV4AdIYi5KSLkT767Zb4+TujK:X55KNmT6fM28/19XIYGXgHp+TujK

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks