Overview

overview

10

Static

static

3

3b58ac66ab...xe.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3b58ac66aba1916652103fdff909940378b77c555e1763f2b1e6b1ba32f7b0a5exe.exe

  • Size

    1011KB

  • Sample

    231129-t92claaa47

  • MD5

    09f85de07afa45b7f4514933da7fc7bc

  • SHA1

    06225bfa7aae2353928430c813f377c7d75b8cfc

  • SHA256

    3b58ac66aba1916652103fdff909940378b77c555e1763f2b1e6b1ba32f7b0a5

  • SHA512

    5cbf56ddc937671562fe4ef41b7043eb0393e8ee29c5c3d7e0cbde34fd26ff56101aafdcc7c429375f314e751207e96c5db675a82ee25d18191f1add1b61c68b

  • SSDEEP

    24576:6yWF5eqFJi8h2DSBNRzyO2TJyLqbgvlLCHh01+CA0:BW7eqFJibENIZVuqsvlqh0a

Score
10/10
privateloaderriseproloaderpersistencestealer

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      3b58ac66aba1916652103fdff909940378b77c555e1763f2b1e6b1ba32f7b0a5exe.exe

    • Size

      1011KB

    • MD5

      09f85de07afa45b7f4514933da7fc7bc

    • SHA1

      06225bfa7aae2353928430c813f377c7d75b8cfc

    • SHA256

      3b58ac66aba1916652103fdff909940378b77c555e1763f2b1e6b1ba32f7b0a5

    • SHA512

      5cbf56ddc937671562fe4ef41b7043eb0393e8ee29c5c3d7e0cbde34fd26ff56101aafdcc7c429375f314e751207e96c5db675a82ee25d18191f1add1b61c68b

    • SSDEEP

      24576:6yWF5eqFJi8h2DSBNRzyO2TJyLqbgvlLCHh01+CA0:BW7eqFJibENIZVuqsvlqh0a

    Score
    10/10
    privateloaderriseproloaderpersistencestealer

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

      loaderprivateloader

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks