General

  • Target

    26b5be7137d01b9859dc612998fdd4cd1dba5915e93eaee840bbcb52f62909a6

  • Size

    1MB

  • Sample

    231129-q6xnfsgf28

  • MD5

    e324c190578dfbcf185526f884604d53

  • SHA1

    00ce52d415b2524376a6b4509625e7dffdcffbbf

  • SHA256

    f0e48143442c99b48df9d301ecc12b7f0f7e39a50595a1cc751c34aab393a4ae

  • SHA512

    d61c9afadac443cd60e855e41ae2f2312077526671e628814378ae76c04deae3858e9afa52ae9c9b9703f71c82acdbeae9cb8b6a3698e191a9929cd4c56eda82

  • SSDEEP

    49152:ctJIf96RWh9Vq1VOVNFC0felQrikSDtg2XzsJGl2E5:MJIfRh9eUqJRXoJGlV

Malware Config

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • Target

      26b5be7137d01b9859dc612998fdd4cd1dba5915e93eaee840bbcb52f62909a6

    • Size

      1MB

    • MD5

      e116144b84b913fef0d2b75698a6b5d8

    • SHA1

      064aae1d7bc7539b1d3bfe7a879c123eb9438fef

    • SHA256

      26b5be7137d01b9859dc612998fdd4cd1dba5915e93eaee840bbcb52f62909a6

    • SHA512

      6b445abc6c282a0104263550ec7af1560dccb822accea900b64194b1b9c1056fdfe323b604dcf57cfc862a447805056ecbac4d7ad34b143f022920aa2d3a38da

    • SSDEEP

      49152:LxJOV9oXUF9eCFduLNx85efvxVrek2p7ICxzSlAIl2E7:lJOVHF9n65ValnxGlBlv

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

      • Scheduled Task/Job (T1053): 1

  • Persistence

      • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

      • Scheduled Task/Job (T1053): 1

  • Privilege Escalation

      • Boot or Logon Autostart Execution (T1547): 1

      • Registry Run Keys / Startup Folder (T1547.001): 1

      • Scheduled Task/Job (T1053): 1

  • Defense Evasion

      • Modify Registry (T1112): 1

  • Discovery

      • System Information Discovery (T1082): 1

Tasks