General

  • Target

    4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e

  • Size

    1.6MB

  • Sample

    231214-ag3v6sacdm

  • MD5

    e94dce896b9504ef6a54fb33528bb923

  • SHA1

    f99b8a14c147c1dd5f5ab763132b3f8926d2cb64

  • SHA256

    4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e

  • SHA512

    8926a9539b0d4b4b38c5c19e0eb2595cf15c5a954859a601dce936f50c768c736fb50d90fe9fbc741bd3b0601cce72c2a72aec160d6338b345b5e280e4b1e282

  • SSDEEP

    49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e

    • Size

      1.6MB

    • MD5

      e94dce896b9504ef6a54fb33528bb923

    • SHA1

      f99b8a14c147c1dd5f5ab763132b3f8926d2cb64

    • SHA256

      4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e

    • SHA512

      8926a9539b0d4b4b38c5c19e0eb2595cf15c5a954859a601dce936f50c768c736fb50d90fe9fbc741bd3b0601cce72c2a72aec160d6338b345b5e280e4b1e282

    • SSDEEP

      49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks