General

  • Target

    34cbbe86f965b78040be17b8158c9fe114f29459f22c656d3e3fb7dd907db9d4

  • Size

    1.6MB

  • Sample

    231213-3xm4wabfg2

  • MD5

    42920411ab63efb0b4b4879bf0b64f5e

  • SHA1

    9967cd766de5095e9d9eec98e4a9146bd7d449a7

  • SHA256

    34cbbe86f965b78040be17b8158c9fe114f29459f22c656d3e3fb7dd907db9d4

  • SHA512

    a03f7b5f6891f7d0e0451989c844e2831ea15c1e4ff66ce62fca2aa3bc5b32b3f488268eb36de2293ae695afeb65e6a454e521e9e4c487688f578c9cbcfd1aa3

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      34cbbe86f965b78040be17b8158c9fe114f29459f22c656d3e3fb7dd907db9d4

    • Size

      1.6MB

    • MD5

      42920411ab63efb0b4b4879bf0b64f5e

    • SHA1

      9967cd766de5095e9d9eec98e4a9146bd7d449a7

    • SHA256

      34cbbe86f965b78040be17b8158c9fe114f29459f22c656d3e3fb7dd907db9d4

    • SHA512

      a03f7b5f6891f7d0e0451989c844e2831ea15c1e4ff66ce62fca2aa3bc5b32b3f488268eb36de2293ae695afeb65e6a454e521e9e4c487688f578c9cbcfd1aa3

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks