General

  • Target: e08c657eb0810b6d0884cf741acd276722cdcb7d7f5558f1bb11ead8717bb6c3

  • Size: 1.6MB

  • Sample: 231213-z99a4ahdgj

  • MD5: 5af4d29f8c5d2a95d1491c8f0fe38685

  • SHA1: abd579ffd567b8038bd247f211a607ffcc915fa9

  • SHA256: e08c657eb0810b6d0884cf741acd276722cdcb7d7f5558f1bb11ead8717bb6c3

  • SHA512: f3d6b0569843d11bef139622c5f4f8cd2807fbe248ecdec17e914480bc2f2a49574e2bfdc6e8ba417411db079b467c1d08f36377efd9f7c00b01c4692d441c08

  • SSDEEP: 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

  • Family: risepro

  • C2: 193.233.132.51

Targets

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks