General
Target: 449ceb05c8819e7ff6471de3698945648f37df1e4bbd200363c53a48866a6670
Size: 1.6MB
Sample: 231213-2za2nabea2
MD5: f0f6cab93c52404ff9a39d3a4e2b6560
SHA1: 05dc2219257d5e2407fb333712f8b4a544806486
SHA256: 449ceb05c8819e7ff6471de3698945648f37df1e4bbd200363c53a48866a6670
SHA512: 37a9e1c1d6eaea4e9cfb18b47f3f6bf42b01425e562a641c7abbce87db73ef11d1e1b96422ff46f2c83e8526350ec0ac2d9606bca1cad5c3289fd6aa219a7dcc
SSDEEP: 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample: 449ceb05c8819e7ff6471de3698945648f37df1e4bbd200363c53a48866a6670.exe
Resource: win10-20231023-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
Target: 449ceb05c8819e7ff6471de3698945648f37df1e4bbd200363c53a48866a6670
Score: 7/10
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory