General

  • Target: c240b930be238078d2282b25435581cabab6ea0566364b4f3af5324e79da1ae0
  • Size: 1.2MB
  • Sample: 231214-2m3adaacf8
  • MD5: c87b042cf1cb57bedc9405f8053b9a8f
  • SHA1: 05a4c6323c758c44f4e35234e224d6896e78698a
  • SHA256: c240b930be238078d2282b25435581cabab6ea0566364b4f3af5324e79da1ae0
  • SHA512: 9b7ff0d149d81892ab956d1ad94afc25ad17b4af574adb3a7462af1a70d688332bd515531a91afe9fd1b654de39d520a32b3315c9a93a2d68cc844e7ede56589
  • SSDEEP: 24576:HyxOj9jEzGOtILd6SCv01BsDHzYGZT/uFQo3YyINcVlxm:SgoSCvAyzLu6opIe

Malware Config

Extracted

Family: risepro

C2: 193.233.132.51

Targets

    • Detected google phishing page

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks