General
-
Target
a89bb7f71736b8a522860af09e77f9d0a6e9d0c26ac290d8c5f3cca7c36e9434
-
Size
1.6MB
-
Sample
231213-1caa6sbaa2
-
MD5
3f7560b7baa4c159e54f9b587aa899f0
-
SHA1
4473cb396a3eb278f85904068065eb580a2eb767
-
SHA256
a89bb7f71736b8a522860af09e77f9d0a6e9d0c26ac290d8c5f3cca7c36e9434
-
SHA512
0f1c5a66a281148c5cb7414874c000eec0a5a1af229d762b7b3d672c5b94c9978880af5762c5dbd477ca64cf7341e3d5e462c98649ef11953b20ac7b9d775345
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
a89bb7f71736b8a522860af09e77f9d0a6e9d0c26ac290d8c5f3cca7c36e9434.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
Target
a89bb7f71736b8a522860af09e77f9d0a6e9d0c26ac290d8c5f3cca7c36e9434
-
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-