General

  • Target: 98b7f38730386d8dca3810f977d88f2f44b1a5d66dab2b139b527cb8fc29e955

  • Size: 1.6MB

  • Sample: 231213-3x742sbfg5

  • MD5: 4431841ec99f4d0f6f1913b7fb996c1a

  • SHA1: 9eb835563739e6e658cf7c1f6721524940903537

  • SHA256: 98b7f38730386d8dca3810f977d88f2f44b1a5d66dab2b139b527cb8fc29e955

  • SHA512: dfdbe54704e5cce98a745ca359f5f0b95184de1a01b030acc09b12dbe947b9c2455079ca58f0c3d69f7423bb5965e482c13ed8c784f1d0202cc716f82259967b

  • SSDEEP: 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

  • Family: risepro

  • C2: 193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15