General

  • Target

    file

  • Size

    2.5MB

  • Sample

    240125-t968vaahh4

  • MD5

    fc774a4455b8929454e016518dfd234c

  • SHA1

    4cb70043727b501919aad98a8e006b09ee37bba9

  • SHA256

    414d6d04818f03a3c45a8f4300fbae1ce5a5cee9beb8ce90417ea9d09314cc74

  • SHA512

    4e8e25638fd4848580077ed2f1d3cfe9e3acb88e97b6cc3bee4c3a997aa2cc04bc98a8784fe567ca0d7f30c51803f5d0b7bd056dc7173ee4afa847fa248b79e8

  • SSDEEP

    49152:VkQTA0rFERkvK8YL17QGu4Etaaajq+UFn5LV/WFXFN17Zfd91:VaaEKcxQGYKjNuFwhFnH91

Malware Config

Extracted

Family

risepro

C2

193.233.132.37:50500

Targets

    • Target

      file

    • Size

      2.5MB

    • MD5

      fc774a4455b8929454e016518dfd234c

    • SHA1

      4cb70043727b501919aad98a8e006b09ee37bba9

    • SHA256

      414d6d04818f03a3c45a8f4300fbae1ce5a5cee9beb8ce90417ea9d09314cc74

    • SHA512

      4e8e25638fd4848580077ed2f1d3cfe9e3acb88e97b6cc3bee4c3a997aa2cc04bc98a8784fe567ca0d7f30c51803f5d0b7bd056dc7173ee4afa847fa248b79e8

    • SSDEEP

      49152:VkQTA0rFERkvK8YL17QGu4Etaaajq+UFn5LV/WFXFN17Zfd91:VaaEKcxQGYKjNuFwhFnH91

    • Kinsing

      Kinsing is a loader written in Golang.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • .NET Reactor proctector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks