General

  • Target

    faed1a112271b9662836f9b7125f50f00bab0c241a88315da094a43562c2f23f

  • Size

    1.6MB

  • Sample

    231129-sljl7shc49

  • MD5

    17b96cde626f7031490e0fc64204dc55

  • SHA1

    d82d757d9992fa8026ca46f6e8d656386b23eccc

  • SHA256

    faed1a112271b9662836f9b7125f50f00bab0c241a88315da094a43562c2f23f

  • SHA512

    dc29811a98eee15d65c086874aa88b74b03fb347abd8c8a34de728f4e08dac7217c8d6c33002335c8014b48b1c3c9a5139b55efd81b14f333be9b73b9cb20800

  • SSDEEP

    24576:PfflOKIEAEljlCRTMcugti9UD/Ywolrv/vVRO83xI1J2K8kcIldFNO073C:PftOKI6JlCNMai96Qwolrv/yqIhC

Malware Config

  • Extracted

    Family: risepro

    C2: 194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

  • Execution

    Scheduled Task/Job (1) T1053

  • Persistence

    Boot or Logon Autostart Execution (1) T1547

    Registry Run Keys / Startup Folder (1) T1547.001

    Scheduled Task/Job (1) T1053

  • Privilege Escalation

    Boot or Logon Autostart Execution (1) T1547

    Registry Run Keys / Startup Folder (1) T1547.001

    Scheduled Task/Job (1) T1053

  • Defense Evasion

    Modify Registry (1) T1112

Tasks