General
-
Target
b9c8ffd12977b607dd2770a1a2d62837b499d1ec73b702e7f6f0da5be85702e2
-
Size
1.6MB
-
Sample
231213-1xnpashfek
-
MD5
c68f525e2c8d2a51613705556027ea4f
-
SHA1
073db1a6c9b5e5c706bcdfeefeea8ae68ee9f0e9
-
SHA256
b9c8ffd12977b607dd2770a1a2d62837b499d1ec73b702e7f6f0da5be85702e2
-
SHA512
ba76ffd05aabf8b35d5ec50d30ac61abe79a20438b322f78abf88bde6db4017b32dc605e3079047cb8c76f4a5764e2687ad17755cdae377fbfd68d89279315f1
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
b9c8ffd12977b607dd2770a1a2d62837b499d1ec73b702e7f6f0da5be85702e2.exe
Resource
win10-20231023-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
-
Target
b9c8ffd12977b607dd2770a1a2d62837b499d1ec73b702e7f6f0da5be85702e2
-
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-