General

  • Target

    0386248331e4a319a1e27ae1a01d9f0aa90e3b4eb7fb7d3147ef81c4fca7b22e

  • Size

    1.9MB

  • Sample

    231129-m4q64sfg9t

  • MD5

    b2b654a23d463c18689f05b2a29eb69b

  • SHA1

    1186b96ad9864dfa0ce268516b54de5d69cff30f

  • SHA256

    4381bbb3d77b89d6edb3b8142ffeeeb2d63586d3289f95be3ff60df47851a6fa

  • SHA512

    af1df6df2c17a80593cfa57814bbf6c675520f6a28312808cbff4b622b49116dee08670b0ff2d74ba15d92e8417e6658e7a97d84f6ee232664bc00105c9e83ac

  • SSDEEP

    49152:3uxmggrcqhbjkEJif9zcGR1WZBAqcAdrRABn6tYmRr9w:3+mOsvxJiflcttYZ

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      0386248331e4a319a1e27ae1a01d9f0aa90e3b4eb7fb7d3147ef81c4fca7b22e

    • Size

      1.9MB

    • MD5

      0409e02911966ba6272e55796987134d

    • SHA1

      857609b12120646123c0c92e95677ca84088a93c

    • SHA256

      0386248331e4a319a1e27ae1a01d9f0aa90e3b4eb7fb7d3147ef81c4fca7b22e

    • SHA512

      1afb28095507eab6cb6aff35da32e741b88f803da28b18698efe1384c27a01f477d0423ad09db80ea997470796fa7a700d83b6fdf19d482c074360a9993f5fb4

    • SSDEEP

      49152:1EVZ2rcuhbjcEV8fYKRCat1SGGq/vxdPRKYy3/+tSmFVAV:eB4v5V8f/vpI2tS5

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic                Technique                            Count  ID
Execution             Scheduled Task/Job                   1      T1053
Persistence           Boot or Logon Autostart Execution    1      T1547
                      Registry Run Keys / Startup Folder   1      T1547.001
                      Scheduled Task/Job                   1      T1053
Privilege Escalation  Boot or Logon Autostart Execution    1      T1547
                      Registry Run Keys / Startup Folder   1      T1547.001
                      Scheduled Task/Job                   1      T1053
Defense Evasion       Modify Registry                      1      T1112
Discovery             System Information Discovery         1      T1082
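The behavioural signatures listed under Targets (startup file drop, execution of a dropped EXE, Run key addition) and the matrix entries for T1547.001 and T1053 can be turned into a first-pass endpoint detection. The script below is an added example, not part of the sandbox report or of any vendor tooling: it walks Sysmon-style events (EventID 1 process create, 3 network connect, 11 file create, 13 registry value set), reports each matching behaviour, and attaches the ATT&CK ID the report's matrix gives for it. The event records, file paths, SID and the benign 203.0.113.5 address are constructed for illustration; the only value taken from the report is the extracted C2 address 194.49.94.152. "Executes dropped EXE" and the C2 connection are reported without a technique ID because the matrix above lists none for them.

```python
import re
from dataclasses import dataclass

# IOC taken from the report's extracted RisePro config.
C2_IPS = {"194.49.94.152"}

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce values, matched case-insensitively.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Per-user and all-users Startup folders.
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# schtasks.exe /create ... (scheduled-task persistence, T1053).
SCHTASKS_RE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    technique: str   # ATT&CK ID from the report's matrix, or "" when it lists none
    name: str        # signature name as the sandbox prints it
    detail: str


def scan(events):
    """Walk Sysmon-like events in order and return the list of Hits.

    Paths seen in EventID 11 (FileCreate) are remembered so that a later
    EventID 1 (ProcessCreate) whose Image is one of them is reported as
    'Executes dropped EXE'.
    """
    hits = []
    dropped = set()
    for ev in events:
        eid = ev["EventID"]
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(Hit("T1547.001", "Adds Run key to start application",
                            f"{ev['TargetObject']} = {ev.get('Details', '')}"))
        elif eid == 11:
            path = ev.get("TargetFilename", "")
            dropped.add(path.lower())
            if STARTUP_DIR_RE.search(path):
                hits.append(Hit("T1547.001", "Drops startup file", path))
        elif eid == 1:
            image = ev.get("Image", "")
            cmd = ev.get("CommandLine", "")
            if image.lower() in dropped:
                hits.append(Hit("", "Executes dropped EXE", image))
            if SCHTASKS_RE.search(cmd):
                hits.append(Hit("T1053", "Scheduled Task/Job", cmd))
        elif eid == 3 and ev.get("DestinationIp") in C2_IPS:
            hits.append(Hit("", "Connects to extracted C2",
                            f"{ev.get('Image', '?')} -> {ev['DestinationIp']}:{ev.get('DestinationPort', '?')}"))
    return hits


def techniques(hits):
    """Distinct ATT&CK IDs touched, sorted; signature-only hits are ignored."""
    return sorted({h.technique for h in hits if h.technique})


# Constructed telemetry for illustration; not a real log export.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\dropper.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "CommandLine": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.lnk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'schtasks.exe /create /sc minute /mo 5 /tn svc /tr "C:\Users\u\AppData\Local\Temp\svc.exe"'},
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "DestinationIp": "194.49.94.152", "DestinationPort": 8080},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.5", "DestinationPort": 443},
]

if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for h in found:
        print(f"[{h.technique or '-':9}] {h.name}: {h.detail}")
    print("ATT&CK:", ", ".join(techniques(found)))
```

The order of checks matters for the "Executes dropped EXE" rule: the file-create event must precede the process-create event, which is how Sysmon emits them, so the script must consume events in timestamp order rather than grouped by EventID. A real deployment would also key `dropped` per host and expire entries, and would compare the Run key's `Details` value against the dropped set so that the persistence entry and the payload are tied together in one alert.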

Tasks