risepro | ecd41e712f27cdf177af4d2fb45d64734ace0831263536d343c1259ab2cf0c57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecd41e712f27cdf177af4d2fb45d64734ace0831263536d343c1259ab2cf0c57.exe
Size

5.0MB
Sample

240111-y8mv2agaaq
MD5

32a8996291f69b743e97227e0d6d071b
SHA1

6390b31bc0489ad5a35234412f5d9257706ef075
SHA256

ecd41e712f27cdf177af4d2fb45d64734ace0831263536d343c1259ab2cf0c57
SHA512

aecf7c64c0a48f856a0bbe5399d11f377031337e5933d746e0b743ec693a155a8a797deda4a2b63a63510b726387eed8b9f76b17e74c8672a000a9676858afc7
SSDEEP

98304:Zs0zDm2QgSrZhOd1n4NobHSV+4uWrG8btG4WVYwo6NZzN/syF3QPNlYUe9:ZzrmZhO/4ObHV4uIb9DSLxsyur

Score

10^/10

risepro evasion persistence stealer trojan

Malware Config

Extracted

Family

risepro

C2

193.233.132.62:50500

Targets

- Target
  
  ecd41e712f27cdf177af4d2fb45d64734ace0831263536d343c1259ab2cf0c57.exe
- Size
  
  5.0MB
- MD5
  
  32a8996291f69b743e97227e0d6d071b
- SHA1
  
  6390b31bc0489ad5a35234412f5d9257706ef075
- SHA256
  
  ecd41e712f27cdf177af4d2fb45d64734ace0831263536d343c1259ab2cf0c57
- SHA512
  
  aecf7c64c0a48f856a0bbe5399d11f377031337e5933d746e0b743ec693a155a8a797deda4a2b63a63510b726387eed8b9f76b17e74c8672a000a9676858afc7
- SSDEEP
  
  98304:Zs0zDm2QgSrZhOd1n4NobHSV+4uWrG8btG4WVYwo6NZzN/syF3QPNlYUe9:ZzrmZhO/4ObHV4uIb9DSLxsyur
Score

10^/10

risepro evasion persistence stealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionpersistencestealertrojan

behavioral2

riseproevasionpersistencestealertrojan