General

  • Target

    f9ded8afe85fb68c613c3ca44f53be3f58ebe2cd3f2c1bde5b583b1257758363

  • Size

    1.6MB

  • Sample

    231213-1pmr2abah5

  • MD5

    3e7e51a19a9ab1cc266f4eb71160b3be

  • SHA1

    a4f05ad3b54b17d9ee83c9994c478751d68591f8

  • SHA256

    f9ded8afe85fb68c613c3ca44f53be3f58ebe2cd3f2c1bde5b583b1257758363

  • SHA512

    c51ed8b62c6684d418a9f50ecb8c8b9bd55723eb3706bbaa02eef25453455430a9398ba771c919a900e1893404235803e751cacafbc84e7e1e51bba3ee8f8f6d

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      f9ded8afe85fb68c613c3ca44f53be3f58ebe2cd3f2c1bde5b583b1257758363

    • Size

      1.6MB

    • MD5

      3e7e51a19a9ab1cc266f4eb71160b3be

    • SHA1

      a4f05ad3b54b17d9ee83c9994c478751d68591f8

    • SHA256

      f9ded8afe85fb68c613c3ca44f53be3f58ebe2cd3f2c1bde5b583b1257758363

    • SHA512

      c51ed8b62c6684d418a9f50ecb8c8b9bd55723eb3706bbaa02eef25453455430a9398ba771c919a900e1893404235803e751cacafbc84e7e1e51bba3ee8f8f6d

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks