General
-
Target
564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1
-
Size
1.6MB
-
Sample
231213-1wrpkahfdk
-
MD5
a658a996f3b8c06b0b3d20af51045707
-
SHA1
9f016a5f070a49f1673e43e42563cc7986dc351b
-
SHA256
564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1
-
SHA512
4a11e03ba1023e8bfca52ef53f8356a198eecea50af64d396a49c599658637847d41cbe92fb8ed875722f44f5fc03871f78bb948f276c4c40372afb3de69e80c
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1.exe
Resource
win10-20231129-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
-
Target
564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1
-
Size
1.6MB
-
MD5
a658a996f3b8c06b0b3d20af51045707
-
SHA1
9f016a5f070a49f1673e43e42563cc7986dc351b
-
SHA256
564b4482354b2311bf9c40e0efea14c24824ae47bf8894c5c0733a6d56cd44b1
-
SHA512
4a11e03ba1023e8bfca52ef53f8356a198eecea50af64d396a49c599658637847d41cbe92fb8ed875722f44f5fc03871f78bb948f276c4c40372afb3de69e80c
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Score7/10-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-