General
-
Target
0c5bb3a86b134f359a9131b9ed6be470c59cd13ecad08ae73b44f1b924fd3943
-
Size
1.6MB
-
Sample
231213-3dq2esaagk
-
MD5
bf76f3dfcae7d74a1109be8e293a2fd1
-
SHA1
e31122ce247b32cf9538d03dfaa0c71b6b1e39e3
-
SHA256
0c5bb3a86b134f359a9131b9ed6be470c59cd13ecad08ae73b44f1b924fd3943
-
SHA512
5865736c9867120d85a0fa4334d1a3e19099d7dfeb10213577d78e1db1fd2c6c34b7f93cc389e1de58a35c5b66367ad6aed66541e9d65effd6e5056352696144
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
0c5bb3a86b134f359a9131b9ed6be470c59cd13ecad08ae73b44f1b924fd3943.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-