General

  • Target

    04dc18e95573df9003fa803e9292c7ebf942098196eec9f3e0d966300ea6d013

  • Size

    1.6MB

  • Sample

    231213-22kc4sbea9

  • MD5

    08129c6bb9587ff34b206aecf348ee44

  • SHA1

    032d5e725335cf727c4bb281d2381d5a6f8a0700

  • SHA256

    04dc18e95573df9003fa803e9292c7ebf942098196eec9f3e0d966300ea6d013

  • SHA512

    77260386ac67ae3f89ce8b17360cc2f1ba25219787d00b4e90b1a165c81e4fba5077f8310b66ba0f34984e2e70e17d877c844f2325d79945930c0a9f6450d21c

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
