risepro | d801058b8bdb1a799c725c7004852f62110335e3d48e6e6731f1a8e5b3a30f5a | Triage

Resubmissions

04/04/2024, 23:11

240404-26nakada71 10

04/04/2024, 23:10

240404-25rxcsda5z 10

Sharing

Copy URL Twitter E-mail

General

Target

ROBLOX MOD.zip
Size

2.7MB
Sample

240404-26nakada71
MD5

b7b55881e07b35e7d0db149fa4824c02
SHA1

fff61668cbe80d180d49b05858d65b07d5579428
SHA256

d801058b8bdb1a799c725c7004852f62110335e3d48e6e6731f1a8e5b3a30f5a
SHA512

18566cd88110e234dcc9473394f7d2c16a09afd1373053fea821b2dd8293bda115416d695f46ba3b4b140bb426c53d6a5e05c54928abe9928947350fbbbfd117
SSDEEP

49152:3bT4cpgiAu1Ub5sGOnS1ArG0wU9zv9mdSlpLGiiKeymqwKw1r:3bii96knN9mdApLGi1XmZr

Score

10^/10

risepro stealer

Malware Config

Targets

- Target
  
  ROBLOX MOD.zip
- Size
  
  2.7MB
- MD5
  
  b7b55881e07b35e7d0db149fa4824c02
- SHA1
  
  fff61668cbe80d180d49b05858d65b07d5579428
- SHA256
  
  d801058b8bdb1a799c725c7004852f62110335e3d48e6e6731f1a8e5b3a30f5a
- SHA512
  
  18566cd88110e234dcc9473394f7d2c16a09afd1373053fea821b2dd8293bda115416d695f46ba3b4b140bb426c53d6a5e05c54928abe9928947350fbbbfd117
- SSDEEP
  
  49152:3bT4cpgiAu1Ub5sGOnS1ArG0wU9zv9mdSlpLGiiKeymqwKw1r:3bii96knN9mdApLGi1XmZr
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  ROBLOX MOD.exe
- Size
  
  1.6MB
- MD5
  
  392064084633c2f19ec20085d1dfff51
- SHA1
  
  b0a1b04d20ba37f9c2670da091003839a2b6dbec
- SHA256
  
  21e87e246cfb847318bc0d21b7a9264a651ba4fd04745ff896ae4cce9188d50c
- SHA512
  
  1a8431324fdd12d83c2e2bdae5162c0b4b257784f90448c49042e9bd8b9b7899f6e5ef1166c49488242f983ac7b84ffd50cb1b8345905f42bf163debc95fcb2e
- SSDEEP
  
  24576:AfLvRnXG8iksHhbDJBY7mLR0tOD4qABs0e52NmpT6XaNcCYEl0xEMFawP6ILyvCU:6NnXg9YAR1ABsj52g1hVYpzqf2Cv5Q1I
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4