General

  • Target

    a465dd9538d1a320f8f022fddfe4c556.exe

  • Size

    1MB

  • Sample

    231129-rvpn5sgh82

  • MD5

    a465dd9538d1a320f8f022fddfe4c556

  • SHA1

    d72d87365bf35a1ae0eeba53d6fdd37509c6e80a

  • SHA256

    29b56c8ff017cf879af21388f2bfac638bdf133016db79e41edc06d2089b1682

  • SHA512

    4d2d8eb9a4218a684361e5f53cb798b157daada165ab14ac2e1088017a61a884f145d0a1e2071289fed21913dff11e7b9824b776f44d1902fffb7a7636a1a2fa

  • SSDEEP

    24576:GyIRhzJDSJNogVkDY6jwx6ebX5RLD+D28WlhDiUUbhEIxgWaxL6Ek7f:VSvcNxKDX8keT5RmDe5iHhs5UE

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      a465dd9538d1a320f8f022fddfe4c556.exe

    • Size

      1MB

    • MD5

      a465dd9538d1a320f8f022fddfe4c556

    • SHA1

      d72d87365bf35a1ae0eeba53d6fdd37509c6e80a

    • SHA256

      29b56c8ff017cf879af21388f2bfac638bdf133016db79e41edc06d2089b1682

    • SHA512

      4d2d8eb9a4218a684361e5f53cb798b157daada165ab14ac2e1088017a61a884f145d0a1e2071289fed21913dff11e7b9824b776f44d1902fffb7a7636a1a2fa

    • SSDEEP

      24576:GyIRhzJDSJNogVkDY6jwx6ebX5RLD+D28WlhDiUUbhEIxgWaxL6Ek7f:VSvcNxKDX8keT5RmDe5iHhs5UE

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v13

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Discovery

System Information Discovery

1
T1082

Tasks