General

  • Target

    4fc243d1a50ea1ab9c4b5ff0b2846fc4f3b2ace149ed2f4b448a9c4b1a601cd0

  • Size

    1.6MB

  • Sample

    231213-3s7ygsabem

  • MD5

    941de985da91931e537f850da6eaf497

  • SHA1

    e29cc3378de57ee89c3fe43c6569f7e30f498966

  • SHA256

    4fc243d1a50ea1ab9c4b5ff0b2846fc4f3b2ace149ed2f4b448a9c4b1a601cd0

  • SHA512

    797f85283388b00da56693ab614b8588e59e4002fc6d6c556354a593dbb634afb13ed8069b90d97fd009a5f32a58e0862277b0f6bd3a82b0d1be7c19a4c49a74

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      4fc243d1a50ea1ab9c4b5ff0b2846fc4f3b2ace149ed2f4b448a9c4b1a601cd0

    • Size

      1.6MB

    • MD5

      941de985da91931e537f850da6eaf497

    • SHA1

      e29cc3378de57ee89c3fe43c6569f7e30f498966

    • SHA256

      4fc243d1a50ea1ab9c4b5ff0b2846fc4f3b2ace149ed2f4b448a9c4b1a601cd0

    • SHA512

      797f85283388b00da56693ab614b8588e59e4002fc6d6c556354a593dbb634afb13ed8069b90d97fd009a5f32a58e0862277b0f6bd3a82b0d1be7c19a4c49a74

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

      Writes a file into a Startup folder so that it is launched at the next user logon; a common persistence mechanism alongside the Run key below.

    • Reads user/profile data of local email clients

      Email clients store user data (profiles, account settings, cached credentials) on disk, where infostealers frequently target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
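Taken together, the signatures above (Run key and Startup-folder persistence, Uninstall-key enumeration, browser and mail profile reads, an external IP lookup, and a connection to the configured C2) are what a host-based detection should correlate per process, since any one of them alone is also produced by legitimate software. The following is an added example, not code from the sandbox or from this report, that runs that correlation over a constructed, simplified event feed. The event schema, the file paths, the benign installer, and the list of IP-lookup hosts are assumptions (the report does not name which lookup service the sample used); the only indicator taken from the page is the C2 address 193.233.132.51. Note that Sysmon logs registry value writes, file creates, DNS queries and network connects but not registry reads, so the reg_query events here would have to come from an EDR or from Security auditing (event 4663) on the Uninstall key.

```python
"""Correlate simplified host telemetry with the behaviours listed in the report."""
from collections import defaultdict

# C2 address from the "Malware Config" section of the report.
RISEPRO_C2 = "193.233.132.51"

# Registry/file locations behind "Adds Run key" and "Drops startup file".
RUN_KEYS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)
STARTUP_DIR = "\\start menu\\programs\\startup\\"
# Key enumerated by "Checks installed software on the system".
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"
# ASSUMED watch-list: the report does not name the lookup service the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com"}
# ASSUMED browser/mail profile locations that infostealers read.
PROFILE_MARKERS = (
    "\\google\\chrome\\user data\\",
    "\\mozilla\\firefox\\profiles\\",
    "\\microsoft\\outlook\\",
    "\\thunderbird\\profiles\\",
)


def classify(event):
    """Return the behaviour tags one event matches (empty list if none)."""
    tags = []
    act = event["action"]
    tgt = event.get("target", "").lower()
    if act == "reg_set" and any(k in tgt for k in RUN_KEYS):
        tags.append("persistence.run_key")
    elif act == "file_create" and STARTUP_DIR in tgt:
        tags.append("persistence.startup_file")
    elif act == "reg_query" and UNINSTALL_KEY in tgt:
        tags.append("discovery.installed_software")
    elif act == "file_read" and any(m in tgt for m in PROFILE_MARKERS):
        tags.append("collection.profile_data")
    elif act == "dns" and tgt in IP_LOOKUP_HOSTS:
        tags.append("discovery.external_ip")
    elif act == "net_connect" and event.get("dst_ip") == RISEPRO_C2:
        tags.append("c2.risepro_known_ip")
    return tags


def triage(events):
    """Group matched behaviours per process image and score them.

    Returns {image: {"tags": set, "score": int}}. The score counts distinct
    behaviour categories (persistence, discovery, collection, c2) and adds a
    fixed bonus for a connection to the known C2, so a lone Run-key write by
    an installer stays low while the combination the report shows stands out.
    """
    per_proc = defaultdict(set)
    for ev in events:
        for tag in classify(ev):
            per_proc[ev["image"]].add(tag)
    result = {}
    for image, tags in per_proc.items():
        categories = {t.split(".")[0] for t in tags}
        score = len(categories) + (3 if "c2.risepro_known_ip" in tags else 0)
        result[image] = {"tags": tags, "score": score}
    return result


def suspects(events, threshold=3):
    """Images whose score reaches the threshold, most suspicious first."""
    summary = triage(events)
    return sorted((img for img, v in summary.items() if v["score"] >= threshold),
                  key=lambda img: -summary[img]["score"])


# Constructed events, not real telemetry. Paths and the benign installer are invented.
MALWARE = "C:\\Users\\alice\\AppData\\Local\\Temp\\4fc243d1.exe"
INSTALLER = "C:\\Program Files\\Vendor\\setup.exe"
SAMPLE_EVENTS = [
    {"action": "reg_set", "image": MALWARE,
     "target": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"action": "file_create", "image": MALWARE,
     "target": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk"},
    {"action": "reg_query", "image": MALWARE,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"action": "file_read", "image": MALWARE,
     "target": "C:\\Users\\alice\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"action": "file_read", "image": MALWARE,
     "target": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Outlook\\alice@example.com.ost"},
    {"action": "dns", "image": MALWARE, "target": "api.ipify.org"},
    {"action": "net_connect", "image": MALWARE, "dst_ip": "193.233.132.51"},
    # Benign noise: an installer legitimately adds a Run key and reads the Uninstall key.
    {"action": "reg_set", "image": INSTALLER,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray"},
    {"action": "reg_query", "image": INSTALLER,
     "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
]

if __name__ == "__main__":
    for image, info in triage(SAMPLE_EVENTS).items():
        print(f"{info['score']:2d}  {image}  {sorted(info['tags'])}")
    print("suspects:", suspects(SAMPLE_EVENTS))
```

On the sample feed the invented installer scores 2 (one persistence and one discovery tag) and is not reported, while the process that reproduces the report's behaviour set scores 7 and is the only suspect. Tune the threshold and the watch-lists to the environment; the C2 address is the one indicator that should alert on its own, independent of the score.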

MITRE ATT&CK Enterprise v15

Tasks