risepro | ec03a903cb74030622ac957e6aaefbb7437b032a4e6db82c33126016ac6c7d06 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

bb2dca9753...e4.exe

windows7-x64

bb2dca9753...e4.exe

windows10-2004-x64

Sharing

General

Target

bb2dca9753b1d42e4711f67ab64e8ce4.exe
Size

3.4MB
Sample

240325-t9yxgadc36
MD5

bb2dca9753b1d42e4711f67ab64e8ce4
SHA1

70cf25896537a950d7a6dda9f56040f4d372d303
SHA256

ec03a903cb74030622ac957e6aaefbb7437b032a4e6db82c33126016ac6c7d06
SHA512

6658595c9ea9a62f377d8bbe71d0a25530badfefde9d569ce196b79be87685a41e319339b97f7a6f783844f606e87e22f6b478894889440625484ee8c4e63a90
SSDEEP

49152:J1UHC6vWZtnxJB9qBBmAAcuXshmk2sP4gNi1KEj39tpz7vDZvtNUZRMYDiTYwEq+:J1+WZtzDqBScuXKmk2RXKi17NteXW6S0

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb2dca9753b1d42e4711f67ab64e8ce4.exe

Resource

win7-20240221-en

risepro evasion stealer themida trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb2dca9753b1d42e4711f67ab64e8ce4.exe

Resource

win10v2004-20240226-en

risepro evasion stealer themida trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  bb2dca9753b1d42e4711f67ab64e8ce4.exe
- Size
  
  3.4MB
- MD5
  
  bb2dca9753b1d42e4711f67ab64e8ce4
- SHA1
  
  70cf25896537a950d7a6dda9f56040f4d372d303
- SHA256
  
  ec03a903cb74030622ac957e6aaefbb7437b032a4e6db82c33126016ac6c7d06
- SHA512
  
  6658595c9ea9a62f377d8bbe71d0a25530badfefde9d569ce196b79be87685a41e319339b97f7a6f783844f606e87e22f6b478894889440625484ee8c4e63a90
- SSDEEP
  
  49152:J1UHC6vWZtnxJB9qBBmAAcuXshmk2sP4gNi1KEj39tpz7vDZvtNUZRMYDiTYwEq+:J1+WZtzDqBScuXKmk2RXKi17NteXW6S0
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy