General

  • Target

    6a8bab5f7568c4fd75d62ffd75907935725efa82ca3759154da5062e5a135d32

  • Size

    1.6MB

  • Sample

    231213-3xcm5sabgj

  • MD5

    e63e2bd0906df58bf4bc8f535cd27881

  • SHA1

    c7984a2fcc80900da0a050a64728ebf5dfbf5199

  • SHA256

    6a8bab5f7568c4fd75d62ffd75907935725efa82ca3759154da5062e5a135d32

  • SHA512

    981c4263eab1bb5053f4b4261516279014791d5c6649878f27bc0b4f8fc6357ba504949ea15796287e37ebd6ccc65077f376c6ecc0140dc1251a988d91b509f6

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      6a8bab5f7568c4fd75d62ffd75907935725efa82ca3759154da5062e5a135d32

    • Size

      1.6MB

    • MD5

      e63e2bd0906df58bf4bc8f535cd27881

    • SHA1

      c7984a2fcc80900da0a050a64728ebf5dfbf5199

    • SHA256

      6a8bab5f7568c4fd75d62ffd75907935725efa82ca3759154da5062e5a135d32

    • SHA512

      981c4263eab1bb5053f4b4261516279014791d5c6649878f27bc0b4f8fc6357ba504949ea15796287e37ebd6ccc65077f376c6ecc0140dc1251a988d91b509f6

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks