General

  • Target

    vi3aE84.exe

  • Size

    1.1MB

  • Sample

    231215-smepmsdfar

  • MD5

    28f4372ef768462a50cd7f7dad612543

  • SHA1

    213f53591b2f629ccddb6050cf6dc21eeb6ad7ff

  • SHA256

    12392d1a3eb4e2eed271098d22c7e1c3e124a7acbfb78e97554af9c54bc096c9

  • SHA512

    459729eb45574def956c79105e346617014be5666033f3773d02f4539bc4f4d0345cc7dc86a381f7247f4585587328c0119968af7f6e52e4b22f79c3e31f2c67

  • SSDEEP

    24576:vy6kujY7nV3Gkc9BB2ia6NAEjYZQNAUH6S/5ysZRvdGQ8l7wjOy1:66RjSnVYfB2h6NA3QN7HN/5yEHb8lMC

Malware Config

Extracted

  • Family

    risepro

  • C2

    193.233.132.51

Targets

    • Target

      vi3aE84.exe

    • Detected google phishing page

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks