General
-
Target
4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e
-
Size
1.6MB
-
Sample
231214-ag3v6sacdm
-
MD5
e94dce896b9504ef6a54fb33528bb923
-
SHA1
f99b8a14c147c1dd5f5ab763132b3f8926d2cb64
-
SHA256
4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e
-
SHA512
8926a9539b0d4b4b38c5c19e0eb2595cf15c5a954859a601dce936f50c768c736fb50d90fe9fbc741bd3b0601cce72c2a72aec160d6338b345b5e280e4b1e282
-
SSDEEP
49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uonTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Behavioral task
behavioral1
Sample
4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e.exe
Resource
win10-20231129-en
Malware Config
Extracted
risepro
193.233.132.51
Targets
-
Target
4f3daed8e252b93a9f482245aaadabf9105891fa55e001a9423f9efb0b52927e
-
Score
7/10
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-