Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b871eea2d204e19bdade16f4ed0ca2c0f49afa177ed199cf97e2126196aed65

  • Size

    1.9MB

  • Sample

    231129-n2aa9aga4s

  • MD5

    2b3229f6be5b88c8766a630d8ac64d5c

  • SHA1

    1d520e7bf15d357430736cf276798c4ec37624d5

  • SHA256

    5b871eea2d204e19bdade16f4ed0ca2c0f49afa177ed199cf97e2126196aed65

  • SHA512

    59ed6a2a0573b003c9f3bf061de39d2407525dd4dc8170440caaf1d45e4b5afd85166625d610d1be8535d1d629fa1fbf2ccd13ff3b71fdea26d7664a2c0a7199

  • SSDEEP

    49152:DdTh7Sm+4EFG8Ikf5JAtLvKK+OVvtgDi0QnK4fz16nka+c3CG:ZTy4EobCwvqmnK4fz1klHyG

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      5b871eea2d204e19bdade16f4ed0ca2c0f49afa177ed199cf97e2126196aed65

    • Size

      1.9MB

    • MD5

      2b3229f6be5b88c8766a630d8ac64d5c

    • SHA1

      1d520e7bf15d357430736cf276798c4ec37624d5

    • SHA256

      5b871eea2d204e19bdade16f4ed0ca2c0f49afa177ed199cf97e2126196aed65

    • SHA512

      59ed6a2a0573b003c9f3bf061de39d2407525dd4dc8170440caaf1d45e4b5afd85166625d610d1be8535d1d629fa1fbf2ccd13ff3b71fdea26d7664a2c0a7199

    • SSDEEP

      49152:DdTh7Sm+4EFG8Ikf5JAtLvKK+OVvtgDi0QnK4fz16nka+c3CG:ZTy4EobCwvqmnK4fz1klHyG

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks