General

  • Target

    3646c733c77622fc3fef10ea7ec9beb501fd891c6045820fe0160810f2b9c597

  • Size

    1.6MB

  • Sample

    231213-2z7evsaaak

  • MD5

    8e1cb2cca2f21c9f966f996ab3573cc1

  • SHA1

    c295cb2666bf1ae027fe3ffb4628999886dab589

  • SHA256

    3646c733c77622fc3fef10ea7ec9beb501fd891c6045820fe0160810f2b9c597

  • SHA512

    850b421511d71289893d640e74747a67349ad297391fcac3b87eb7c3c01692aefb22ce39552ec38a47f928352f2be0d1a7de0ba05afc3b8e406444f30bf7189a

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15