Overview

overview

10

Static

static

10

0x00080000...26.exe

windows7-x64

10

0x00080000...26.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0008000000023207-26.dat

  • Size

    1.5MB

  • Sample

    231129-rzqf8sha33

  • MD5

    8adfad103b46dd18d1b24ffc912482c2

  • SHA1

    b38cf3f35fbf371f0dbbafcf9bf85b6433ac2025

  • SHA256

    aab0c42d00dc704e37a6bd7bad9464c46aee7c17bf8ea8d6e90f54f31e8567ec

  • SHA512

    0e7046f03955180d3f5d3df4f616731689ce562c3011da2de6448d68eb1fa41f0a518c70ac40b2e61c949823ea2fe1a35851043271ba9c3829cce525b45d6b4a

  • SSDEEP

    24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WKI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTl

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      0x0008000000023207-26.dat

    • Size

      1.5MB

    • MD5

      8adfad103b46dd18d1b24ffc912482c2

    • SHA1

      b38cf3f35fbf371f0dbbafcf9bf85b6433ac2025

    • SHA256

      aab0c42d00dc704e37a6bd7bad9464c46aee7c17bf8ea8d6e90f54f31e8567ec

    • SHA512

      0e7046f03955180d3f5d3df4f616731689ce562c3011da2de6448d68eb1fa41f0a518c70ac40b2e61c949823ea2fe1a35851043271ba9c3829cce525b45d6b4a

    • SSDEEP

      24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WKI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTl

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks