General

  • Target

    af7e32f9c5f9241ed270f603e8a14b2bb3c259f50a7f2953b8cbffa38e174f31

  • Size

    1.6MB

  • Sample

    231213-3gmheabfb2

  • MD5

    80519ce315d13f3abf5e48148011d606

  • SHA1

    ae9895dd41c05ed9224260f3bf94a83ac5d78e19

  • SHA256

    af7e32f9c5f9241ed270f603e8a14b2bb3c259f50a7f2953b8cbffa38e174f31

  • SHA512

    095084ff0ccb306c1090239fb2e590b580502ed7c136ed6cb7c7806c3619368cc971004ec12770e080a6de481470672d1631cab2bfcbdc6cccfae5d4f7969e22

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks