General
-
Target
a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63
-
Size
1.6MB
-
Sample
231213-24kfwsaacj
-
MD5
9a3d17fecb584081906b59b97eefd8a4
-
SHA1
ce571d903902c675d68e3c9af884f540021d5ac7
-
SHA256
a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63
-
SHA512
e8742e380e2ed1f6c188eb80e26e0fb248bc6d4e54dc7bfcee33ed0e7b2907456b99057f8365af88ccd2de169898410a990aa1406b669a3ce2e35a7dfb3ee6ca
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63.exe
Resource
win10-20231020-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
-
Target
a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63
-
Size
1.6MB
-
MD5
9a3d17fecb584081906b59b97eefd8a4
-
SHA1
ce571d903902c675d68e3c9af884f540021d5ac7
-
SHA256
a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63
-
SHA512
e8742e380e2ed1f6c188eb80e26e0fb248bc6d4e54dc7bfcee33ed0e7b2907456b99057f8365af88ccd2de169898410a990aa1406b669a3ce2e35a7dfb3ee6ca
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Score7/10-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-