General

  • Target

    618156466c3c49befe60e23ca44af93209c5e953361c5d5a9fe98127adbf45bc

  • Size

    1.9MB

  • Sample

    231129-rp7yjagh9x

  • MD5

    e073a10246247af815938b202fc02ab0

  • SHA1

    1e0fae04a9395059911c05cdb0055823219abc61

  • SHA256

    1c8e40ccc9ab81ceefb577b97de857464e6b212ec6dbe3a0bfed251fb080dc27

  • SHA512

    eb2eaeb1e346a2a6cddb414e3ea7af5763ecc8ad5205d355f4ade55663da60e46addec7877f1b4ff53ceab298d881321fcf5b68e998f2e2be61675c0e9600bf2

  • SSDEEP

    49152:J8U2F4Bpqcph5J1sUR3hQ7W39ZF0FW/8+mJ7sBrvCoSk:CX4SgsUAcizLstgk

Malware Config

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • Target

      618156466c3c49befe60e23ca44af93209c5e953361c5d5a9fe98127adbf45bc

    • Size

      1.9MB

    • MD5

      9b47ae3cd1b931203bd17157e3d9f6cb

    • SHA1

      c85be7ba82f5413d23b59c176308148b825efe75

    • SHA256

      618156466c3c49befe60e23ca44af93209c5e953361c5d5a9fe98127adbf45bc

    • SHA512

      30f823860a38eaaa5f977da8fa117e00c21a7348fb82cb00084ba09c2e91bf66458862f3eb115050817b21d3a0580a5948410f4ad5ff6018d92c9dd2a50ec68a

    • SSDEEP

      49152:rzOd/usiQeDF5nyvh4vQ7W3VpFg5G+0ATZJrh:vKusfI4cm5GWTZ

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    T1053 Scheduled Task/Job (1)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)

    T1547.001 Registry Run Keys / Startup Folder (1)

    T1053 Scheduled Task/Job (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)

    T1547.001 Registry Run Keys / Startup Folder (1)

    T1053 Scheduled Task/Job (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1082 System Information Discovery (1)