Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2520114ffcb68c063317352edd76b8590c438e321ec93479f7809a2ebedc4221

  • Size

    1.9MB

  • Sample

    231129-nbe4tafh4t

  • MD5

    0a8fa3bbd4bfa8ad4c2ec39008bea271

  • SHA1

    692b68e7f0379dbaef73a4b882db2a8717ef1d62

  • SHA256

    2520114ffcb68c063317352edd76b8590c438e321ec93479f7809a2ebedc4221

  • SHA512

    c0c6bb79b5a24d2631b6ecdc6364018403d04b40d6f48eeb7e31aa0c9c374a629a56184567d521f2920936713127b59331ef0dc444ecc79d55b78e8440ceea3c

  • SSDEEP

    49152:2fAF4t8Gn483HYe2/+UjjfHnvyi/7KZ+6p+eGULEAjPQKirux37:G483Hpct0H+eRoAjIKirux37

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      2520114ffcb68c063317352edd76b8590c438e321ec93479f7809a2ebedc4221

    • Size

      1.9MB

    • MD5

      0a8fa3bbd4bfa8ad4c2ec39008bea271

    • SHA1

      692b68e7f0379dbaef73a4b882db2a8717ef1d62

    • SHA256

      2520114ffcb68c063317352edd76b8590c438e321ec93479f7809a2ebedc4221

    • SHA512

      c0c6bb79b5a24d2631b6ecdc6364018403d04b40d6f48eeb7e31aa0c9c374a629a56184567d521f2920936713127b59331ef0dc444ecc79d55b78e8440ceea3c

    • SSDEEP

      49152:2fAF4t8Gn483HYe2/+UjjfHnvyi/7KZ+6p+eGULEAjPQKirux37:G483Hpct0H+eRoAjIKirux37

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks