Overview

overview

10

Static

static

3

fa0a470a4f...xe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa0a470a4f7620e2a74f1db0eb7581183c52b39eb662ea28c50258d0f8d529b5exe.exe

  • Size

    1.9MB

  • Sample

    231129-t74pyaaa5v

  • MD5

    4e5e41c05d7b9be4515a5885fbd52573

  • SHA1

    2d87bcbfd4ef10f3cdbab2ea282605664cc00225

  • SHA256

    fa0a470a4f7620e2a74f1db0eb7581183c52b39eb662ea28c50258d0f8d529b5

  • SHA512

    380b0923ac58a61b0ec26e83d4974333f46a9b697ec09f126e429eabde661b7f674000be52c2b2548119f0ffd0570eb0c89f3b6a14bc40db1d0426febbae2f02

  • SSDEEP

    49152:/1hXw65OH5n0Xm7Mtdj0u1yqEPvy3zAEMXFVKjnP:NKn0WMmkiFQjP

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      fa0a470a4f7620e2a74f1db0eb7581183c52b39eb662ea28c50258d0f8d529b5exe.exe

    • Size

      1.9MB

    • MD5

      4e5e41c05d7b9be4515a5885fbd52573

    • SHA1

      2d87bcbfd4ef10f3cdbab2ea282605664cc00225

    • SHA256

      fa0a470a4f7620e2a74f1db0eb7581183c52b39eb662ea28c50258d0f8d529b5

    • SHA512

      380b0923ac58a61b0ec26e83d4974333f46a9b697ec09f126e429eabde661b7f674000be52c2b2548119f0ffd0570eb0c89f3b6a14bc40db1d0426febbae2f02

    • SSDEEP

      49152:/1hXw65OH5n0Xm7Mtdj0u1yqEPvy3zAEMXFVKjnP:NKn0WMmkiFQjP

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks