General

  • Target

    f2bad17c95df7a75caa22ceccf738c99e0678ab671c05d15f188912c8031076cexe.exe

  • Size

    1.9MB

  • Sample

    231129-t7ljcsaa3z

  • MD5

    f19793d23c7e343a65f7a0bc117a72d7

  • SHA1

    3efda3d3d9dd5c0935e6b5b373b5a3f32655d9f7

  • SHA256

    f2bad17c95df7a75caa22ceccf738c99e0678ab671c05d15f188912c8031076c

  • SHA512

    c6cfec426d99a28ebed6048ed85544a0e3f02c50f99f1bdb4fd4b7732e7c08bb88911b7161c09fe050604b0597afc31d94ac47d3c50ed5d009f8eeff5e1afbf1

  • SSDEEP

    49152:veBGMWhgj8WkZ5JCQkiSAyOVsvHxKLB8lGJo87v:2BGqj8WkZmVgLqlCD

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      f2bad17c95df7a75caa22ceccf738c99e0678ab671c05d15f188912c8031076cexe.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application
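The hashes in the General section and the C2 address in the Malware Config section are the indicators an analyst would actually match against a suspect file or against proxy/firewall logs. The script below is an added example written for this page; it is not part of the sandbox report and not tooling from the report's producer. It copies the four hashes and the C2 IP verbatim from above; the function names, the sample log lines and the bytes hashed in the usage are constructed for illustration. SSDEEP is left out because the standard library has no ssdeep implementation.

```python
"""Check a file and some network log lines against the IOCs listed in this report.

Added example for this page, not part of the sandbox output. Hash values and the
C2 address are copied from the report above; everything else is constructed.
"""
import hashlib
import re

# Indicators copied from the report above (lowercase hex).
IOCS = {
    "md5": "f19793d23c7e343a65f7a0bc117a72d7",
    "sha1": "3efda3d3d9dd5c0935e6b5b373b5a3f32655d9f7",
    "sha256": "f2bad17c95df7a75caa22ceccf738c99e0678ab671c05d15f188912c8031076c",
    "sha512": "c6cfec426d99a28ebed6048ed85544a0e3f02c50f99f1bdb4fd4b7732e7c08bb"
              "88911b7161c09fe050604b0597afc31d94ac47d3c50ed5d009f8eeff5e1afbf1",
}
C2_IP = "194.49.94.152"
ALGOS = ("md5", "sha1", "sha256", "sha512")

# Constructed log lines in a loose firewall style (not from the sandbox run).
# Only the second and fourth lines should count as C2 hits: the first one
# contains the C2 address as a prefix of a different IP.
SAMPLE_LOG = [
    "2023-11-29T17:10:01Z allow tcp src=10.0.0.5:49213 dst=194.49.94.1520:80",
    "2023-11-29T17:10:03Z allow tcp src=10.0.0.5:49214 dst=194.49.94.152:443",
    "2023-11-29T17:10:04Z allow udp src=10.0.0.5:53422 dst=10.0.0.1:53",
    "2023-11-29T17:10:09Z deny tcp src=10.0.0.5:49215 dst=194.49.94.152:8080",
]


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hashers (one read pass, four digests)."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_hashes(digests: dict) -> list:
    """Names of the report hashes that the given digests reproduce.

    Comparison is case-insensitive because feeds and tools disagree on hex case.
    Any single match already identifies this exact build; all four matching is
    simply confirmation that the file was not truncated or re-hashed wrongly.
    """
    return [name for name, value in IOCS.items()
            if digests.get(name, "").lower() == value]


def c2_hits(lines) -> list:
    """Log lines whose text contains the C2 address as a whole IPv4 token.

    A plain substring search would also flag 194.49.94.1520 or 1194.49.94.152,
    so the pattern refuses a digit or dot directly before the address and a
    digit (or ".digit") directly after it. A trailing port (":443") still matches.
    """
    pattern = re.compile(r"(?<![\d.])" + re.escape(C2_IP) + r"(?!\d|\.\d)")
    return [line for line in lines if pattern.search(line)]


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: ioc_check.py <file> [logfile]")
    print("hash match:", matched_hashes(digest_file(sys.argv[1])) or "none")
    if len(sys.argv) > 2:
        with open(sys.argv[2], encoding="utf-8", errors="replace") as fh:
            for hit in c2_hits(fh):
                print("c2 hit:", hit.rstrip())
```

Two caveats when using this operationally: the hashes pin one exact file, so a repacked build from the same pay-per-install campaign will not match them (that is what the SSDEEP value on the page is for, with a third-party ssdeep binding), and a C2 IP is routinely rotated, so treat a hit on 194.49.94.152 as a lead scoped to the time the report was generated rather than a standing blocklist entry.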

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    T1053 Scheduled Task/Job (1)

  • Persistence

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)
    T1053 Scheduled Task/Job (1)

  • Privilege Escalation

    T1547 Boot or Logon Autostart Execution (1)
    T1547.001 Registry Run Keys / Startup Folder (1)
    T1053 Scheduled Task/Job (1)

  • Defense Evasion

    T1112 Modify Registry (1)

  • Discovery

    T1082 System Information Discovery (1)
