Behavioral task
behavioral1
Sample
2132-9-0x0000000000400000-0x000000000057C000-memory.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2132-9-0x0000000000400000-0x000000000057C000-memory.exe
Resource
win10v2004-20240226-en
General
-
Target
2132-9-0x0000000000400000-0x000000000057C000-memory.dmp
-
Size
1.5MB
-
MD5
daf28604ba8bbdb1fd68894ea236e829
-
SHA1
ff42c1062c78ecf890019e221d574d639edc876c
-
SHA256
61b498133dc5cb7eac25942a7ed162af160c84d2ca78f4250e358144e8e0ff01
-
SHA512
4f629aab5853d0c33d2a8f6bddc6bb0d2b338b231219368cf701cf21de1b307c2336db3067a482b83d52fcdfdb0fa973512204bf1c2340b1704f62d31e233d79
-
SSDEEP
24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0Wj:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTD
Malware Config
Extracted
risepro
82.147.85.246
Signatures
-
Privateloader family
-
Risepro family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2132-9-0x0000000000400000-0x000000000057C000-memory.dmp
Files
-
2132-9-0x0000000000400000-0x000000000057C000-memory.dmp.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 215KB - Virtual size: 214KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ