General
Target: ce5ef7d1a87b04830a95be4407a9305841ec638e173b4815ac1b26d9ba584a13
Size: 1.6MB
Sample: 231213-3wsmzabff9
MD5: d42c2a30a4970a36c815c9d134085861
SHA1: fb58126e2d8ac573b21fb6404e14ec0514154a6d
SHA256: ce5ef7d1a87b04830a95be4407a9305841ec638e173b4815ac1b26d9ba584a13
SHA512: c4d1fb35b2e8d9746d3a5d72736e0a7a801c9ef6c12464d2e5ef4078961a7e72f08cee1e4a0a3382493e4fe39267f49d38fad3de720c62f4aa517ed3ee3dbc57
SSDEEP: 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task: behavioral1
Sample: ce5ef7d1a87b04830a95be4407a9305841ec638e173b4815ac1b26d9ba584a13.exe
Resource: win10-20231129-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
Target: ce5ef7d1a87b04830a95be4407a9305841ec638e173b4815ac1b26d9ba584a13
Score: 7/10
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory