Overview

overview

10

Static

static

10

0x00070000...26.exe

windows7-x64

10

0x00070000...26.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0x0007000000023253-26.dat

  • Size

    1.5MB

  • Sample

    231129-sjxfaahc42

  • MD5

    14e104aabeef4a8580151468ca6fd619

  • SHA1

    eb7d1507914a2dabe3331257fe60468b1c55dcd8

  • SHA256

    0720b4f1562743a99a21eb659b8874ce0c6b2d71e899bad96b04a0f2257d66f1

  • SHA512

    6d9f701492e5d9dcc3906f8dfad2599ad32fe4bd1ff31f0bb09aee7146f09ccfb5fa4732e23c221c9e7f9ba780473e4e962d46a9c6915daa2e4526f4af019ac0

  • SSDEEP

    24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WKI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTl

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      0x0007000000023253-26.dat

    • Size

      1.5MB

    • MD5

      14e104aabeef4a8580151468ca6fd619

    • SHA1

      eb7d1507914a2dabe3331257fe60468b1c55dcd8

    • SHA256

      0720b4f1562743a99a21eb659b8874ce0c6b2d71e899bad96b04a0f2257d66f1

    • SHA512

      6d9f701492e5d9dcc3906f8dfad2599ad32fe4bd1ff31f0bb09aee7146f09ccfb5fa4732e23c221c9e7f9ba780473e4e962d46a9c6915daa2e4526f4af019ac0

    • SSDEEP

      24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WKI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTl

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks