General

  • Target

    564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1

  • Size

    1.6MB

  • Sample

    231213-1wrpkahfdk

  • MD5

    a658a996f3b8c06b0b3d20af51045707

  • SHA1

    9f016a5f070a49f1673e43e42563cc7986dc351b

  • SHA256

    564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1

  • SHA512

    4a11e03ba1023e8bfca52ef53f8356a198eecea50af64d396a49c599658637847d41cbe92fb8ed875722f44f5fc03871f78bb948f276c4c40372afb3de69e80c

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
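Before trusting any of the behaviour below, an analyst should confirm that the file on disk really is the sample this report describes. The following script is an added example and is not part of the sandbox report: it streams a file through the four hashers the report lists and compares the results with the published digests. ssdeep is left out because it needs the third-party ssdeep/ppdeep package rather than the standard library; the file path and the `abc` test input are assumptions for illustration.

```python
import hashlib
from typing import Dict

# Digests taken from the report above; these are the values to verify against.
REPORTED: Dict[str, str] = {
    "md5": "a658a996f3b8c06b0b3d20af51045707",
    "sha1": "9f016a5f070a49f1673e43e42563cc7986dc351b",
    "sha256": "564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1",
    "sha512": "4a11e03ba1023e8bfca52ef53f8356a198eecea50af64d396a49c599658637847d41cbe92fb8ed875722f44f5fc03871f78bb948f276c4c40372afb3de69e80c",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests of an in-memory blob for every algorithm the report lists.
    ssdeep is intentionally absent: it needs the third-party ssdeep/ppdeep package."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once, so a multi-MB sample is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(observed: Dict[str, str], expected: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match result. The comparison is case-insensitive because
    reports and feeds disagree on hex case; a missing algorithm counts as a mismatch."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_reported_sample(observed: Dict[str, str], expected: Dict[str, str] = REPORTED) -> bool:
    """True only if every digest in `expected` matches; a single disagreement
    means the file on disk is not the sample this report describes."""
    return all(verify(observed, expected).values())


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_sample.py <path-to-sample>
    digests = hash_file(sys.argv[1])
    for name, ok in verify(digests).items():
        print(f"{name:7s} {digests[name]}  {'MATCH' if ok else 'MISMATCH'}")
    print("sample matches report:", is_reported_sample(digests))
```

A partial match (say, MD5 agrees but SHA-256 does not) should be treated as "not the same file": MD5 and SHA-1 collisions are practical, so the SHA-256 and SHA-512 values are the ones that actually identify the sample.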

Malware Config

Extracted

Family

risepro

C2

193.233.132.51
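The extracted C2 address is the most directly actionable indicator on this page. The script below is an added example, not part of the sandbox report: it parses a Zeek conn.log excerpt and flags every flow to or from the C2 IP, then lists the internal hosts that need triage. The log lines, internal addresses, ports and timestamps are constructed for the example; only the C2 IP comes from the report.

```python
from typing import Dict, Iterable, List, Set

# C2 address extracted by the sandbox, from the report above.
C2_IPS: Set[str] = {"193.233.132.51"}

# Constructed Zeek conn.log excerpt, not from the sandbox run: only the leading
# columns of the real format are kept, and hosts, ports and timestamps are made up.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1702468800.100000\tCxa1\t10.0.0.15\t49732\t142.250.74.46\t443\ttcp\tssl\n"
    "1702468801.250000\tCxa2\t10.0.0.15\t49733\t193.233.132.51\t8081\ttcp\t-\n"
    "1702468805.900000\tCxa3\t10.0.0.22\t51020\t193.233.132.51\t8081\ttcp\t-\n"
    "1702468810.000000\tCxa4\t10.0.0.15\t49740\t10.0.0.1\t53\tudp\tdns\n"
    "#close 2023-12-13-12-00-10\n"
)


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse Zeek's tab-separated conn.log. The '#fields' header names the
    columns; every other '#' line is metadata and is skipped."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue
        if not fields:
            raise ValueError("data line before #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or malformed row: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def find_c2_connections(records: Iterable[Dict[str, str]],
                        c2_ips: Set[str] = C2_IPS) -> List[Dict[str, str]]:
    """Flag any flow whose responder (or, for inbound traffic, originator) is a known C2 IP."""
    hits = []
    for rec in records:
        if rec.get("id.resp_h") in c2_ips or rec.get("id.orig_h") in c2_ips:
            hits.append({
                "ts": rec["ts"], "uid": rec["uid"],
                "orig_h": rec["id.orig_h"], "resp_h": rec["id.resp_h"],
                "resp_p": rec["id.resp_p"], "proto": rec["proto"],
            })
    return hits


def affected_hosts(hits: Iterable[Dict[str, str]], c2_ips: Set[str] = C2_IPS) -> List[str]:
    """Internal hosts that talked to the C2, i.e. the machines to pull for triage."""
    return sorted({h["orig_h"] for h in hits if h["orig_h"] not in c2_ips})


if __name__ == "__main__":
    flows = find_c2_connections(parse_conn_log(SAMPLE_CONN_LOG))
    for f in flows:
        print(f"{f['ts']} {f['orig_h']} -> {f['resp_h']}:{f['resp_p']} ({f['proto']}) uid={f['uid']}")
    print("hosts to triage:", affected_hosts(flows))
```

Matching on the IP alone is deliberate: the report gives no port or protocol for the C2 channel, and a single IP-based stealer panel can be reached on more than one port, so narrowing the match would only lose hits.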

Targets

    • Target

      564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1

    • Size

      1.6MB

    • MD5

      a658a996f3b8c06b0b3d20af51045707

    • SHA1

      9f016a5f070a49f1673e43e42563cc7986dc351b

    • SHA256

      564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1

    • SHA512

      4a11e03ba1023e8bfca52ef53f8356a198eecea50af64d396a49c599658637847d41cbe92fb8ed875722f44f5fc03871f78bb948f276c4c40372afb3de69e80c

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at every user logon.

    • Reads user/profile data of local email clients

      Email clients store profile and account data on disk; infostealers commonly harvest it.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, where mail account settings are stored.

    • Adds Run key to start application

      Creates a value under the registry Run key so that the application is started at logon, a second persistence mechanism alongside the Startup-folder drop.

    • Checks installed software on the system

      Enumerates the registry Uninstall keys to list the software installed on the system, typically to fingerprint the host.

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external address, another fingerprinting step.

    • Drops file in System32 directory

      Writes a file under the Windows System32 directory, which requires elevated privileges.
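The host-side signatures above (Startup-folder drop, Run-key persistence, a write into System32, and the external IP lookup) map directly onto Sysmon event types. The script below is an added example, not part of the sandbox report: it runs simple rules for those four behaviours over Sysmon-style events and groups hits per process, since one process tripping several of them is a much stronger signal than any single hit. The events, paths, user name and the list of IP-lookup domains are constructed or assumed for the example; the report does not name the lookup service the sample used.

```python
import re
from typing import Dict, Iterable, List, Tuple

Event = Dict[str, str]

# Constructed Sysmon-style events (not taken from the sandbox run), reduced to the
# fields the rules need. EventID 13 = registry value set, 11 = file create,
# 22 = DNS query. All paths, names and domains are made up for the example.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "13", "Image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "TargetObject": r"HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe"},
    {"EventID": "11", "Image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"EventID": "11", "Image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "TargetFilename": r"C:\Windows\System32\sysupd.dll"},
    {"EventID": "11", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl"},
    {"EventID": "22", "Image": r"C:\Users\victim\AppData\Local\Temp\upd.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": "22", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "QueryName": "www.example.com"},
]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
# Assumed list of public IP-lookup services; the report does not name the one the sample used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}


def is_windows_binary(image: str) -> bool:
    """Coarse allow-list: processes running from the Windows directory write to
    System32 routinely, so they are excluded from the System32 rule."""
    return image.lower().startswith("c:\\windows\\")


def evaluate(events: Iterable[Event]) -> List[Tuple[str, Event]]:
    """Apply the four behaviour rules and return (rule_name, event) pairs in event order."""
    findings: List[Tuple[str, Event]] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            findings.append(("run_key_persistence", ev))
        elif eid == "11":
            target = ev.get("TargetFilename", "")
            if STARTUP_RE.search(target):
                findings.append(("startup_folder_drop", ev))
            elif SYSTEM32_RE.match(target) and not is_windows_binary(ev.get("Image", "")):
                findings.append(("system32_drop", ev))
        elif eid == "22" and ev.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
            findings.append(("external_ip_lookup", ev))
    return findings


def suspects(findings: Iterable[Tuple[str, Event]], min_rules: int = 2) -> Dict[str, List[str]]:
    """Group rule hits per process image and keep only processes that tripped
    at least `min_rules` distinct behaviours."""
    per_image: Dict[str, List[str]] = {}
    for rule, ev in findings:
        per_image.setdefault(ev.get("Image", ""), []).append(rule)
    return {img: rules for img, rules in per_image.items() if len(rules) >= min_rules}


if __name__ == "__main__":
    hits = evaluate(SAMPLE_EVENTS)
    for rule, ev in hits:
        print(f"{rule:22s} {ev.get('Image')}")
    print("suspects:", suspects(hits))
```

Each rule on its own is noisy (installers legitimately write Run keys and Startup shortcuts, and browsers resolve all sorts of domains), which is why the per-process grouping is the output worth alerting on; the Uninstall-key enumeration signature is not covered here because Sysmon records registry writes, not reads.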

MITRE ATT&CK Enterprise v15