Resubmissions

17/02/2024, 13:32    240217-qs211sfh44    10
17/02/2024, 13:31    240217-qsg1vafh38    4
17/02/2024, 13:27    240217-qp3s5sfc9s    10

General

  • Target: Investor.exe
  • Size: 1.4MB
  • Sample: 240217-qs211sfh44
  • MD5: 3c36b361d58956b8d2e7cd288c3565e9
  • SHA1: ea7b32ef78b6364214d4c3ceb46ad161bf38075a
  • SHA256: fc93385270760875676a65e0663ad9a3e2d86b495e1586fef048d2e197f62a6a
  • SHA512: 66dc50d1c2d48981a6823c6469999dd0d9bd06d1f5df0605021c378be441c5c65d278c225e2ef9e5abaf80d75579aeaf68f90ed855be599981f41be7f84a38e3
  • SSDEEP: 24576:Ak70TrcwLpKe4m/ahJAg/+nEWlIphxJXxtmop6Ab5LJDudW4ecS3zMyUk1hH/Njh:AkQTAAwWWGr/cxIhQ9wrEHDjp83k3/6u

Score
10/10

Malware Config

Extracted

Family: risepro
C2: 159.69.86.27:50500

Targets

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks