General
-
Target
a98b006a73adc7187e7d31a18b86f9ab532da533a41d6106bb00ce96f49088cf
-
Size
1.6MB
-
Sample
231213-z8th9aahf6
-
MD5
620572ef2f123a16e0aba9020f1631f5
-
SHA1
77ae567be0e6a9e7b33ffafc262bee9626f1175a
-
SHA256
a98b006a73adc7187e7d31a18b86f9ab532da533a41d6106bb00ce96f49088cf
-
SHA512
df2d66aadf2c6403c9780315bc7f0bf1f6319f52966f51327b75816211910276122a29248a8362da1e71b874c60fc7e1d9c0580925645ddd8c87b9d24a8a3a5e
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
a98b006a73adc7187e7d31a18b86f9ab532da533a41d6106bb00ce96f49088cf.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
Target
a98b006a73adc7187e7d31a18b86f9ab532da533a41d6106bb00ce96f49088cf
-
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-