General

  • Target

    9bb79f1e5648649eb951b96233880a66967a2ced5dac6f4bfa8f4207c33f38e3

  • Size

    1.6MB

  • Sample

    231213-1cj6dahdhn

  • MD5

    78f5281e9e0b50cbcc53cea6202d07cd

  • SHA1

    0ba2216dee56619e1fb396db92d35e24a80fdf15

  • SHA256

    9bb79f1e5648649eb951b96233880a66967a2ced5dac6f4bfa8f4207c33f38e3

  • SHA512

    a43167c298d30b649b22740d7d577a0f76b6fb1887dcf0585df0e735e0039dc8056aea5355a2f3cd0a695de644c09b601c9a292fcc2577c4b8f4b8107668f736

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      9bb79f1e5648649eb951b96233880a66967a2ced5dac6f4bfa8f4207c33f38e3

    • Size

      1.6MB

    • MD5

      78f5281e9e0b50cbcc53cea6202d07cd

    • SHA1

      0ba2216dee56619e1fb396db92d35e24a80fdf15

    • SHA256

      9bb79f1e5648649eb951b96233880a66967a2ced5dac6f4bfa8f4207c33f38e3

    • SHA512

      a43167c298d30b649b22740d7d577a0f76b6fb1887dcf0585df0e735e0039dc8056aea5355a2f3cd0a695de644c09b601c9a292fcc2577c4b8f4b8107668f736

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, which infostealers commonly harvest.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and form data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
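The behaviours listed above (Run key persistence, reading browser and Outlook profile data, enumerating the Uninstall key, an external IP lookup, the C2 contact and the sample hash) can be turned into host-side detection rules. The following is an added example, not part of this report and not Triage's own signature code. It runs the rules over a constructed EDR-style event stream; the event format, field names, process IDs, file paths and the list of IP-lookup hosts are assumptions made for the example, while the C2 address and SHA256 are taken from the report above.

```python
"""Detection rules for the behaviours in this RisePro report, run over a
constructed EDR-style event stream.  Added example; not Triage output."""
import re
from collections import defaultdict

RISEPRO_C2 = "193.233.132.51"  # C2 from the Malware Config section above
SAMPLE_SHA256 = "9bb79f1e5648649eb951b96233880a66967a2ced5dac6f4bfa8f4207c33f38e3"

# Legitimate IP-lookup services that stealers commonly query (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com"}

RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)
OUTLOOK_PROFILES = re.compile(r"\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles", re.I)
BROWSER_DATA = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)

# Behaviours that are individually noisy but together indicate a stealer.
STEALER_BEHAVIOURS = {
    "reads_browser_data", "reads_outlook_profiles", "external_ip_lookup",
    "enumerates_installed_software", "run_key_persistence", "drops_startup_file",
}


def classify(ev):
    """Return the behaviour name an event exhibits, or None if it matches no rule."""
    t = ev["type"]
    if t == "file_hash" and ev["sha256"].lower() == SAMPLE_SHA256:
        return "known_sample_hash"
    if t == "reg_set" and RUN_KEY.search(ev["key"]):
        return "run_key_persistence"
    if t == "reg_read" and UNINSTALL_KEY.search(ev["key"]):
        return "enumerates_installed_software"
    if t == "reg_read" and OUTLOOK_PROFILES.search(ev["key"]):
        return "reads_outlook_profiles"
    if t == "file_read" and BROWSER_DATA.search(ev["path"]):
        return "reads_browser_data"
    if t == "file_create" and STARTUP_DIR.search(ev["path"]):
        return "drops_startup_file"
    if t == "file_create" and SYSTEM32.search(ev["path"]):
        return "drops_file_in_system32"
    if t == "net_connect" and ev.get("host") in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if t == "net_connect" and ev.get("dst_ip") == RISEPRO_C2:
        return "risepro_c2_contact"
    return None


def triage(events):
    """Group matched behaviours per process and give each process a verdict.
    A C2 contact or a known hash is malicious on its own; three or more
    stealer behaviours from one process are suspicious; anything less is info."""
    hits = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            hits[ev["pid"]].add(name)
    verdicts = {}
    for pid, names in hits.items():
        if "risepro_c2_contact" in names or "known_sample_hash" in names:
            verdicts[pid] = "malicious"
        elif len(names & STEALER_BEHAVIOURS) >= 3:
            verdicts[pid] = "suspicious"
        else:
            verdicts[pid] = "info"
    return hits, verdicts


# Constructed sample events (pids, paths and non-C2 IPs are made up; the
# C2 IP and SHA256 are the report's).  pid 7000 is benign noise: a package
# manager reading the Uninstall key and fetching a download.
SAMPLE_EVENTS = [
    {"type": "file_hash", "pid": 4120, "path": r"C:\Users\bob\Downloads\setup.exe",
     "sha256": SAMPLE_SHA256},
    {"type": "reg_set", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\bob\AppData\Local\Temp\updater.exe"},
    {"type": "reg_read", "pid": 4120,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "reg_read", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "file_read", "pid": 4120,
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net_connect", "pid": 4120, "host": "api.ipify.org", "dst_ip": "203.0.113.5"},
    {"type": "net_connect", "pid": 4120, "host": None, "dst_ip": RISEPRO_C2},
    {"type": "reg_read", "pid": 7000,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"type": "net_connect", "pid": 7000, "host": "download.example.com", "dst_ip": "203.0.113.10"},
]

if __name__ == "__main__":
    hits, verdicts = triage(SAMPLE_EVENTS)
    for pid in sorted(hits):
        print(pid, verdicts[pid], sorted(hits[pid]))
```

The scoring is deliberately conservative: Uninstall-key reads and IP lookups are performed by plenty of legitimate software, so only the C2 address and the hash are treated as conclusive on their own, and the rest contribute to a per-process count. Replace the regexes and the host list with your own telemetry's field names before using this against real Sysmon or EDR data.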

MITRE ATT&CK Enterprise v15

Tasks