General

  • Target: c69eb279e87295c25188e6d127b25ad3662a2033e70930ad4d658f4fd56bcc6f
  • Size: 749KB
  • Sample: 231129-n432caga5w
  • MD5: 9ca26d3f7c3621db2da0d21efd04781a
  • SHA1: 32a6343fb2cafde0782985322ae8315279fa337f
  • SHA256: cd796e1278697dc5e1e3582cbe3a417ccc8c2b06dc32bb4a004d217492f794e1
  • SHA512: 266a35584570285e92663e4c887a86c939d4b10c1b5bb2c1e2f79a52855bc49d1ec8d1e296dac33230cd96b62aa6ffd955ce5059f8ae25efcf34d345039ce86c
  • SSDEEP: 12288:mtPFtGfY2o0E2DLHRJPRWWL03wiiZPgwuk4TUYJ4eyuz1VYwpvw4AXex0f+oRfT:mdHGq0E0R+k03wFPgwuVTPV1Cwpv2QAL

Malware Config

Extracted

  • Family: risepro
  • C2: 194.49.94.152

Targets

    • Target: c69eb279e87295c25188e6d127b25ad3662a2033e70930ad4d658f4fd56bcc6f
    • Size: 1.5MB
    • MD5: 59280d71a470fce3c4be09326459149b
    • SHA1: 534e34b7be1ea367e833f4dab565b0d4b0d027b2
    • SHA256: c69eb279e87295c25188e6d127b25ad3662a2033e70930ad4d658f4fd56bcc6f
    • SHA512: a666fac5515c8e1a9d073be7c4c48eb740c054645b91b1939cae6f46af98550fbbeec567cd5126ef7bb93b38888338e05aea4a082a3d1fd8422b240118c99574
    • SSDEEP: 24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WtI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTS

    • PrivateLoader
      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
    • RisePro
      RisePro stealer is an infostealer distributed by PrivateLoader.
    • Drops startup file
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic               | Technique                          | Count | ID
---------------------|------------------------------------|-------|----------
Execution            | Scheduled Task/Job                 | 1     | T1053
Persistence          | Boot or Logon Autostart Execution  | 1     | T1547
Persistence          | Registry Run Keys / Startup Folder | 1     | T1547.001
Persistence          | Scheduled Task/Job                 | 1     | T1053
Privilege Escalation | Boot or Logon Autostart Execution  | 1     | T1547
Privilege Escalation | Registry Run Keys / Startup Folder | 1     | T1547.001
Privilege Escalation | Scheduled Task/Job                 | 1     | T1053
Defense Evasion      | Modify Registry                    | 1     | T1112
Discovery            | System Information Discovery       | 1     | T1082

Tasks