General

  • Target

    c5b9de7d9c532983c737cad0ddb243e45e53ffba18057719ccb8e402dfbbdfc2

  • Size

    1MB

  • Sample

    231129-sthd4shc97

  • MD5

    0673da84641737cb83e08c16f95ef629

  • SHA1

    1d56f90a9747387820ec8045f00541c0f921d542

  • SHA256

    c5b9de7d9c532983c737cad0ddb243e45e53ffba18057719ccb8e402dfbbdfc2

  • SHA512

    6dfc113db939e1ad5e41be7f48fc9b47c2b61031e72dc9aa827896be8f76c11baf42ab866d06c888a194a7bf3673c7b1b9634b3f4af6481a3573eefdb59faaef

  • SSDEEP

    24576:hfSRC6KeuGZP5gKCVHS+RubBeEUIOKKLEJ1f9EJ8pXzN8oyL+FOgn/X8tALCJmC:hfSRCvNALmYUE6wJZ9Eapf//GA3C

Malware Config

Extracted

Family

risepro

C2

194.49.94.152
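The hashes and the extracted C2 above are the actionable part of this report. The following script, an added example and not part of the sandbox report, shows how a responder would use them: it verifies that a file on disk is the analysed sample (every digest must match, not just one) and scans connection-log lines for traffic to the RisePro C2. The log format (`timestamp src_ip dst_ip dst_port`) and the sample lines are constructed for the example; the hash values and the C2 address are copied from the report. SSDEEP is omitted because it needs a third-party library.

```python
"""Check a local file and a connection log against the IOCs in the report above.

Added example, not code from the report. Assumed (not from the report):
the constructed log line format 'timestamp src_ip dst_ip dst_port'.
"""
import hashlib
import ipaddress
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "0673da84641737cb83e08c16f95ef629",
    "sha1": "1d56f90a9747387820ec8045f00541c0f921d542",
    "sha256": "c5b9de7d9c532983c737cad0ddb243e45e53ffba18057719ccb8e402dfbbdfc2",
    "sha512": (
        "6dfc113db939e1ad5e41be7f48fc9b47c2b61031e72dc9aa827896be8f76c11b"
        "af42ab866d06c888a194a7bf3673c7b1b9634b3f4af6481a3573eefdb59faaef"
    ),
}

# C2 address from the report's Malware Config section.
RISEPRO_C2 = ipaddress.ip_address("194.49.94.152")


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists (SSDEEP omitted, see lead-in)."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_to_report(data: bytes) -> dict:
    """Return {algorithm: bool} saying which report digests the given bytes match."""
    computed = hash_bytes(data)
    return {name: computed[name] == expected for name, expected in REPORT_HASHES.items()}


def is_report_sample(path) -> bool:
    """True only if every digest of the file at `path` matches the report.

    Requiring all of them guards against a mistyped or truncated hash in a ticket.
    """
    return all(compare_to_report(Path(path).read_bytes()).values())


def find_c2_connections(log_lines) -> list:
    """Return (timestamp, src_ip, dst_port) for each line whose destination is the RisePro C2.

    Lines that do not have exactly four fields or whose destination is not a
    valid IP address are skipped rather than raising, so a noisy log does not
    abort the hunt.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line, skip
        ts, src, dst, port = parts
        try:
            if ipaddress.ip_address(dst) == RISEPRO_C2:
                hits.append((ts, src, int(port)))
        except ValueError:
            continue  # not an IP address or port, skip
    return hits


# Constructed log lines for the example; not from the report. The destination
# port is arbitrary here: match on the C2 address, not on a port.
SAMPLE_LOG = [
    "2023-11-29T10:00:01Z 10.0.0.5 194.49.94.152 8080",
    "2023-11-29T10:00:02Z 10.0.0.5 93.184.216.34 443",
    "garbage line without four fields",
    "2023-11-29T10:00:03Z 10.0.0.7 194.49.94.152 8080",
]

if __name__ == "__main__":
    for ts, src, port in find_c2_connections(SAMPLE_LOG):
        print(f"{ts} {src} -> RisePro C2 {RISEPRO_C2}:{port}")
    # is_report_sample("suspect.bin") would check a real file against the report.
```

Run it against a real file with `is_report_sample("/path/to/suspect.bin")`; the function deliberately returns `True` only when MD5, SHA1, SHA256 and SHA512 all match.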

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro is an information stealer distributed by PrivateLoader.

    • Drops startup file

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks