General

  • Target

    0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2

  • Size

    1.5MB

  • Sample

    231214-cj8wbaahaj

  • MD5

    7d97f7292ac110312aedf2b1f3aad869

  • SHA1

    a38548468544b239108fc156cb5940ecea1a243a

  • SHA256

    0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2

  • SHA512

    0d2fa22c9a373f2d69b83ee0cbadfab55dba1cd5bda72ed3a7caa49fcbd9f9fa276afb2249cf5c8db346c805dd13bcd234967ddae5d9c6df6dcb542d6514f426

  • SSDEEP

    24576:ky9VsmJemf/nV3Vrc9H2Ag217dOptMAZJzUHsQEg+JPDJ+TrgtEyuBYfiALs:zLsmJemHnVSZng2vEtMo018PDJugtEyv

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

    • Target

      0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2

    • Size

      1.5MB

    • MD5

      7d97f7292ac110312aedf2b1f3aad869

    • SHA1

      a38548468544b239108fc156cb5940ecea1a243a

    • SHA256

      0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2

    • SHA512

      0d2fa22c9a373f2d69b83ee0cbadfab55dba1cd5bda72ed3a7caa49fcbd9f9fa276afb2249cf5c8db346c805dd13bcd234967ddae5d9c6df6dcb542d6514f426

    • SSDEEP

      24576:ky9VsmJemf/nV3Vrc9H2Ag217dOptMAZJzUHsQEg+JPDJ+TrgtEyuBYfiALs:zLsmJemHnVSZng2vEtMo018PDJugtEyv

    • Detected google phishing page

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro is an infostealer distributed by PrivateLoader.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
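
The indicators and behaviours listed above (sample hashes, the extracted C2 address, the Run key persistence and the registry location lookup) are what an analyst would turn into a hunt. The following is an added example of that, not code from the Triage report or from the sandbox: it matches the report's hashes and C2 address, and two behaviour patterns, against host telemetry. The telemetry lines are constructed in a simple key=value layout, and the registry paths for the Run key and the location (Geo) key are assumptions based on standard Windows locations, not values taken from the report.

```python
"""Match the indicators and behaviours from this report against host telemetry.

Added example, not part of the Triage report. The log format is a constructed
key=value layout; the registry paths for the Run key and the location (Geo)
key are assumptions based on standard Windows locations.
"""
import re

# File hashes of the sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "7d97f7292ac110312aedf2b1f3aad869",
    "sha1": "a38548468544b239108fc156cb5940ecea1a243a",
    "sha256": "0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2",
}
# C2 address from the extracted RisePro config.
C2_ADDRESSES = {"193.233.132.51"}

# Behaviour patterns; registry locations are assumed, not from the report.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)

# key=value pairs; a quoted value may contain spaces and '=' characters.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one constructed key=value telemetry line into a dict."""
    out = {}
    for m in _KV_RE.finditer(line):
        out[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return out


def parse_hashes(field):
    """Split 'SHA256=...,MD5=...' into {'sha256': ..., 'md5': ...} (lowercased)."""
    pairs = (p.split("=", 1) for p in field.split(",") if "=" in p)
    return {algo.lower(): value.lower() for algo, value in pairs}


def classify(event):
    """Return the findings that apply to a single parsed event."""
    findings = []
    kind = event.get("event", "")
    if kind == "process_create":
        seen = parse_hashes(event.get("hashes", ""))
        if any(seen.get(algo) == h for algo, h in SAMPLE_HASHES.items()):
            findings.append("known RisePro sample executed")
    elif kind == "net_connect":
        if event.get("dst") in C2_ADDRESSES:
            findings.append("connection to RisePro C2")
    elif kind == "reg_set":
        if RUN_KEY_RE.search(event.get("key", "")):
            findings.append("Run key persistence")
    elif kind == "reg_read":
        if GEO_KEY_RE.search(event.get("key", "")):
            findings.append("location (Geo) lookup, possible geofence")
    return findings


def scan(lines):
    """Scan telemetry lines; return [(line_number, finding), ...]."""
    hits = []
    for n, line in enumerate(lines, 1):
        for finding in classify(parse_line(line)):
            hits.append((n, finding))
    return hits


# Constructed sample telemetry (not captured from the sandbox run).
SAMPLE_LOG = [
    'event=process_create image="C:\\Users\\u\\Downloads\\setup.exe" '
    'hashes="SHA256=0925b4781699ee4adf5cb86cf7a3c11f632337ae852a390ba55551d28f7f42b2,'
    'MD5=7d97f7292ac110312aedf2b1f3aad869"',
    'event=reg_read image="C:\\Users\\u\\Downloads\\setup.exe" '
    'key="HKCU\\Control Panel\\International\\Geo\\Nation"',
    'event=net_connect image="C:\\Users\\u\\Downloads\\setup.exe" dst=193.233.132.51',
    'event=net_connect image="C:\\Windows\\System32\\svchost.exe" dst=203.0.113.10',
    'event=reg_set image="C:\\Users\\u\\Downloads\\setup.exe" '
    'key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"',
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(f"line {n}: {finding}")
```

The hash match is the high-confidence signal; the Run key and Geo key patterns are generic and will also fire on legitimate software, so they are only useful as corroborating context next to a hash or C2 hit. The benign svchost.exe connection in the constructed log is there to show that unrelated traffic produces no finding.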

MITRE ATT&CK Enterprise v15

Tasks