General

  • Target: 52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
  • Size: 5.0MB
  • Sample: 240112-3qfq8agga8
  • MD5: 9ffdb37177de3e04a48a989cd072dff1
  • SHA1: 50d2acc6557c6c8ad46f962d1513cfa55f193c2e
  • SHA256: 52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919
  • SHA512: 05ebcc318b7dc5f8979917da2c84e3efeef636a2c33693d6d75a82461f3ce92a1577c8f7a251b0b8fed6210747c13c508319381cfe3ab05e958cf3aa56d01b1b
  • SSDEEP: 98304:s5Dn92RV8yMS1WSxhg8oSrFGg+5CQhm4ybCmU15OcNOQ8x7eR:gQUVgWSLgorFGbXhJOCH7OGsx

Malware Config

Extracted

  • Family: risepro
  • C2: 193.233.132.62:50500

Targets

    • Target: 52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919

    • Detected google phishing page

    • Modifies Windows Defender Real-time Protection settings

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • AutoIT Executable

      AutoIt scripts compiled to PE executables.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11): the calling thread stops delivering debug events to an attached debugger, a common anti-analysis technique.
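
The behavioural signatures and the C2 listed above, re-checked as a stand-alone triage script over constructed sandbox events. This is an added example and not tria.ge's own signature engine: the event format, the sample events, the fake PE bytes and the registry paths matched are assumptions of the example; the C2 address comes from the report, and the "AU3!EA06" marker and the ThreadHideFromDebugger class value (0x11) are as documented for AutoIt and Windows respectively.

```python
"""Stand-alone re-check of the behavioural signatures and the C2 IOC from the
report above, run over a constructed set of sandbox events.

Added example: not tria.ge's signature engine. The event format, the sample
events and the fake PE bytes are constructed for illustration."""
import re

# C2 endpoint from the report.
RISEPRO_C2 = ("193.233.132.62", 50500)

# Marker that the AutoIt3 compiler (Aut2Exe) embeds in every compiled script.
AUTOIT_MARKER = b"AU3!EA06"

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations behind the "Adds Run key" and "Modifies Windows Defender
# Real-time Protection settings" signatures (paths assumed for this example).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.I)


def triage_events(events):
    """Map sandbox events to the signature names used in the report.

    Each event is a dict with a "type" key:
      regwrite: path (full value path), data (string)
      connect:  dst (IP string), port (int)
      api:      name, args (dict)
    """
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "regwrite":
            if RUN_KEY_RE.search(ev["path"]):
                hits.add("Adds Run key to start application")
            if DEFENDER_RTP_RE.search(ev["path"]) and str(ev.get("data")) == "1":
                hits.add("Modifies Windows Defender Real-time Protection settings")
        elif kind == "connect":
            if (ev["dst"], ev["port"]) == RISEPRO_C2:
                hits.add("RisePro C2 contacted")
        elif kind == "api":
            if (ev["name"] == "NtSetInformationThread"
                    and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.add("Suspicious use of NtSetInformationThreadHideFromDebugger")
    return sorted(hits)


def is_compiled_autoit(data: bytes) -> bool:
    """True for a PE image that carries the AutoIt compiled-script marker."""
    return data[:2] == b"MZ" and AUTOIT_MARKER in data


# Constructed sample events (not taken from the actual report).
EVENTS = [
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": 0x11}},
    {"type": "regwrite",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\Admin\AppData\Roaming\Updater\updater.exe"},
    {"type": "regwrite",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "data": "1"},
    {"type": "connect", "dst": "193.233.132.62", "port": 50500},
    {"type": "connect", "dst": "8.8.8.8", "port": 53},  # benign, must not fire
    {"type": "regwrite",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": "1"},  # unrelated registry write, must not fire
]

# Constructed stand-ins for a compiled AutoIt binary and a plain PE: a DOS
# header stub followed by the marker (or not) somewhere in the image.
FAKE_AUTOIT_PE = (b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 40
                  + AUTOIT_MARKER + b"\x00" * 16)
PLAIN_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    for sig in triage_events(EVENTS):
        print("[+]", sig)
    print("AutoIt marker present:", is_compiled_autoit(FAKE_AUTOIT_PE))
```

The Defender check deliberately requires a value name starting with "Disable" and data "1", so that a policy write restoring protection (data "0") does not fire; the Run-key pattern also covers RunOnce, which the report's signature name does not distinguish.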

MITRE ATT&CK Enterprise v15

Tasks