General

  • Target

    a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63

  • Size

    1.6MB

  • Sample

    231213-24kfwsaacj

  • MD5

    9a3d17fecb584081906b59b97eefd8a4

  • SHA1

    ce571d903902c675d68e3c9af884f540021d5ac7

  • SHA256

    a9b80228b56add0bd58ee5c4d2638a6690e503ed83ab9007f649c152e80a7a63

  • SHA512

    e8742e380e2ed1f6c188eb80e26e0fb248bc6d4e54dc7bfcee33ed0e7b2907456b99057f8365af88ccd2de169898410a990aa1406b669a3ce2e35a7dfb3ee6ca

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks