General
-
Target
24b613895b2be26493b5b4d37a5375250e3b967be20e5ff85474b7a64b24faeb
-
Size
1.6MB
-
Sample
231213-3pgxwsbfe2
-
MD5
80bf95a4f32c59afde8e2bec35313667
-
SHA1
bfe34d5e1365da8396280f0fa6c7cb2f14ad84de
-
SHA256
24b613895b2be26493b5b4d37a5375250e3b967be20e5ff85474b7a64b24faeb
-
SHA512
fb211223ec6f32a2ffec335e56beeb26f450b38ee20dbb8a54bee2b005e5615d2361c0a717f6fef7922ec64a6c33960cc0ae162d276612e3c724ee0c85497f19
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
24b613895b2be26493b5b4d37a5375250e3b967be20e5ff85474b7a64b24faeb.exe
Resource
win10v2004-20231127-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
-
Target
24b613895b2be26493b5b4d37a5375250e3b967be20e5ff85474b7a64b24faeb
-
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-