Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
-
Size
5.0MB
-
Sample
240112-3qfq8agga8
-
MD5
9ffdb37177de3e04a48a989cd072dff1
-
SHA1
50d2acc6557c6c8ad46f962d1513cfa55f193c2e
-
SHA256
52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
-
SHA512
05ebcc318b7dc5f8979917da2c84e3efeef636a2c33693d6d75a82461f3ce92a1577c8f7a251b0b8fed6210747c13c508319381cfe3ab05e958cf3aa56d01b1b
-
SSDEEP
98304:s5Dn92RV8yMS1WSxhg8oSrFGg+5CQhm4ybCmU15OcNOQ8x7eR:gQUVgWSLgorFGbXhJOCH7OGsx
Malware Config
Extracted
risepro
193.233.132.62:50500
Targets
-
-
Target
52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
-
Size
5.0MB
-
MD5
9ffdb37177de3e04a48a989cd072dff1
-
SHA1
50d2acc6557c6c8ad46f962d1513cfa55f193c2e
-
SHA256
52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
-
SHA512
05ebcc318b7dc5f8979917da2c84e3efeef636a2c33693d6d75a82461f3ce92a1577c8f7a251b0b8fed6210747c13c508319381cfe3ab05e958cf3aa56d01b1b
-
SSDEEP
98304:s5Dn92RV8yMS1WSxhg8oSrFGg+5CQhm4ybCmU15OcNOQ8x7eR:gQUVgWSLgorFGbXhJOCH7OGsx
Score10/10-
Detected google phishing page
-
Modifies Windows Defender Real-time Protection settings
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1