General

  • Target: 1e87316edaf712fffb76ecd07825d152c2e150035ab52e2208de86b16942a2f5

  • Size: 1.6MB

  • Sample: 231213-3hrthsabam

  • MD5: d6549c6dd3281b5b1ff67d9e2bd3c98b

  • SHA1: 30007f23e0469621a05c00ce27f12ca96f827d5b

  • SHA256: 1e87316edaf712fffb76ecd07825d152c2e150035ab52e2208de86b16942a2f5

  • SHA512: 8776b0f84b6b3e49d3fdc6248ca005a669ab350b88a1ca6732cd765c74ee35c3872173fe8313b3603f621207392710b3addca898c7c65fc89461841e5243902f

  • SSDEEP: 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

  • Family: risepro

  • C2: 193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory