General

  • Target

    15291c7c484a5b4e8cc4e533e038dc6e7c1aac050c4fd9f10105355c7139d10f

  • Size

    1.6MB

  • Sample

    231213-z9zfwshdfn

  • MD5

    6f13618cf11539e3a324e808f3b15140

  • SHA1

    0466eeaad6279f96b06bc990ef31a8adeea6b6b0

  • SHA256

    15291c7c484a5b4e8cc4e533e038dc6e7c1aac050c4fd9f10105355c7139d10f

  • SHA512

    0c547ca986ec98e9b52a2060dd9e878c645ddd01eb9a79092815c07ab108738a44e778f20527e3d49028d5054d33921b15f8a25ba649c859e2934ac179d0ed54

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      15291c7c484a5b4e8cc4e533e038dc6e7c1aac050c4fd9f10105355c7139d10f

    • Size

      1.6MB

    • MD5

      6f13618cf11539e3a324e808f3b15140

    • SHA1

      0466eeaad6279f96b06bc990ef31a8adeea6b6b0

    • SHA256

      15291c7c484a5b4e8cc4e533e038dc6e7c1aac050c4fd9f10105355c7139d10f

    • SHA512

      0c547ca986ec98e9b52a2060dd9e878c645ddd01eb9a79092815c07ab108738a44e778f20527e3d49028d5054d33921b15f8a25ba649c859e2934ac179d0ed54

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks