risepro

Sharing

Copy URL

Twitter E-mail

General

Target

by Ryosx [GoddyXSpl0its].zip
Size

9.0MB
Sample

240406-2f7lhsch7x
MD5

1576f66c5e1e147202a1877c46551d4b
SHA1

51538c42ea4fc4564f5e9649fcb2393a787885ca
SHA256

1b38c9f7c56125e9e03197daaf47b65870a592483341c25128da4d2385cc4177
SHA512

8e10a1139854e3354b512246adc5e68e10675729cbe0844881f26d4bd875e94fb3de69d96479d2fc956dc608b169dc4c7d6dc396e1507ed38fe4edf6fa9bff67
SSDEEP

196608:BqqB7bIs+K5/wcoKsZpyCa4sbJNtoKpwI0qWgQUoobIxYovpHq:BqC+KChLyp4uNmRI0qkwtmHq

Score

10^/10

Malware Config

Targets

- Target
  
  by Ryosx [GoddyXSpl0its].zip
- Size
  
  9.0MB
- MD5
  
  1576f66c5e1e147202a1877c46551d4b
- SHA1
  
  51538c42ea4fc4564f5e9649fcb2393a787885ca
- SHA256
  
  1b38c9f7c56125e9e03197daaf47b65870a592483341c25128da4d2385cc4177
- SHA512
  
  8e10a1139854e3354b512246adc5e68e10675729cbe0844881f26d4bd875e94fb3de69d96479d2fc956dc608b169dc4c7d6dc396e1507ed38fe4edf6fa9bff67
- SSDEEP
  
  196608:BqqB7bIs+K5/wcoKsZpyCa4sbJNtoKpwI0qWgQUoobIxYovpHq:BqC+KChLyp4uNmRI0qkwtmHq
Score

1^/10
behavioral1 behavioral2
- Target
  
  AUR0RA V3.rar
- Size
  
  9.0MB
- MD5
  
  0df42dd74a3e614a12173fd71aaf98fe
- SHA1
  
  52e949b521a2ff7671b663ec5b8ab197e5dd7ffd
- SHA256
  
  656eb84822afbd053bf199f8362fd15b7fef64f18c83ff74f6fb547dbc6ad813
- SHA512
  
  3347ef6ec4389671d8c3929e9ec9d730c5941528866e8e6011927d2ef288be179f320f7d61c8f8fa68f6888c385bfac72b850d7c0819bdaee8d744d901a5839b
- SSDEEP
  
  196608:ZqqB7bIs+K5/wcoKsZpyCa4sbJNtoKpwI0qWgQUoobIxYovpHa:ZqC+KChLyp4uNmRI0qkwtmHa
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  AUR0RA V3/AURORAV3.exe
- Size
  
  287.0MB
- MD5
  
  ae6a6df39b6c4c157233078507d95e11
- SHA1
  
  2a58a806431b91b0d08044e58293dc4493800718
- SHA256
  
  9ffaea98983a0fe1749a30f766267ca3a2a485247fbd6153492cea0decdf1fb5
- SHA512
  
  5948e3a6984742325698652072fcedcff22468dfcf4f2a62e50343e50aa5ff8a42da89510e8ccd010c03b14173e702736b1a05a38cea7a092a8080e1042d309b
- SSDEEP
  
  49152:NqttHg4EaM9b/+P5LCShPVJPuNJrdlaVtwI1EgBX:NQA4Ef5YNCSbWJRlCwIDBX
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  $INTERNET_CACHE/Alot
- Size
  
  46KB
- MD5
  
  2f9f83a1d508d78c3672034a43a293c5
- SHA1
  
  1f7baf69f61e749464fd6e1e4569e9a22de1c548
- SHA256
  
  0634b38196d73953401fb0348cc208625f40dc70979f13ed754277ba7fbfd291
- SHA512
  
  9c5fc69233d983567ffaf9adc3b3305f454d116743ae481c9bf57d245b4a055ab5938848ee85c87b5c71f3e2c6b4f1e4cd1adf1574bcb98098080ebf0edbebf7
- SSDEEP
  
  768:6dcm2uaCcU4hEt9v4yl4qM5SOnvKTvyJXT6K6Lx3Tbbqbcdoqc4g8ZRfb3fBIm8/:i2F90+qM5SOnvKDyJXT6TLx3Hy4Rz3iN
Score

1^/10
behavioral7 behavioral8
- Target
  
  $INTERNET_CACHE/Clearing
- Size
  
  220KB
- MD5
  
  1ef4da14132bef6a979acd1456d98f3d
- SHA1
  
  59f9ffeef09845224ac57508738ae9b69e1dd1b7
- SHA256
  
  b813cfbd43195490ca29f9dc59e94bef9fb9f4e76ee0b43c16d5b16884bae5a1
- SHA512
  
  46b9a18853f14a9c36c4a9eea347ead634cb6db25a55a00c793eec7b1a7d4715c45263355d1800c81778174b57a17e77a250b0a89da59a64a855d909e4f5355d
- SSDEEP
  
  3072:gxtoRU+5qkv2vvewDr81ue96zMv+r9Ko5C3CRN:/IN
Score

1^/10
behavioral10 behavioral9
- Target
  
  $INTERNET_CACHE/Emotions
- Size
  
  12KB
- MD5
  
  5d2e99be0f015f8dd0ea396e18298b36
- SHA1
  
  ef6046177d89c2d4a8382a81b350702cac319112
- SHA256
  
  92951dd31f519369d41dd38f33d2413218e80719b0df7d644ab802631f5034a3
- SHA512
  
  e9aa8c20ed343fcfd899aada6c9ff5aecbd5a851ed153884da285732fb961d42ca096152e60c7fecd69fcc67853eb6285b8fed43e289af61c5bef25c93d51098
- SSDEEP
  
  384:TBRXtHiR26R/oQ1OHjW15xsebJoqu/A1xd:rdZ8wQRLxjb2Z/A1f
Score

1^/10
behavioral11 behavioral12
- Target
  
  $INTERNET_CACHE/Erotica
- Size
  
  287KB
- MD5
  
  267b5e481037717e735391deeea0ff8f
- SHA1
  
  7fe2ac9c02bc53c1fb889f206aa51aa6da794f36
- SHA256
  
  afc7e1a378b9d972854c5a83ceb498b7bcd590a4841e2f34dcce9f5249de71ab
- SHA512
  
  1288a15102d756ff21a72023a24ef428b556358b37c5ec26d17aafcfab10b558b3f453cc9d481c1c4c851410190f812f9c94cc11f8cb1ee9fbe577b25ef8ac03
- SSDEEP
  
  3072:LYsbW0sfQqA5i1oh4FLuEumfHAQGcIGbMKIad5LhIuaLS:MqqYP5i13umPl5bgadd2a
Score

1^/10
behavioral13 behavioral14
- Target
  
  $INTERNET_CACHE/Fcc
- Size
  
  209KB
- MD5
  
  3b5281a40da51473173ae333354a4708
- SHA1
  
  1caa01b6ce05f28d3df1e93b9edad31116fd8782
- SHA256
  
  06e0cded6103f91778bb311d7771ed13e39509c44fe659cd28ce4b0afe69f553
- SHA512
  
  50538e36aeca1182cb9c368976d8b3816fa7cc9fb017269d4a1e6f7608ca0db227e343038d29ca483461eeed6812717b9d6227d7e980dbb8c3cd332e5da14dee
- SSDEEP
  
  3072:m2g8oKkX3h77FmkvsPF/CFWiXtDl6o4OA7+:mpKaxFmkUmhpl6of2+
Score

1^/10
behavioral15 behavioral16
- Target
  
  $INTERNET_CACHE/Fighter
- Size
  
  166KB
- MD5
  
  55bc4dc42166555b8a6f011c7f9ad209
- SHA1
  
  310e974352ee2e7ef63a91af925947a77cac6eba
- SHA256
  
  284bcbdf5593032547c119847d9d4a6359b400a74f13fa9d3774181d6be248c6
- SHA512
  
  f793c981720747f49eab38838d97458d4625ee0ee790e7a79319489c4d1bbae11b9f9c23e33609e35b15d476d5c084f77164332f654ed8040ce7c4d8faf54252
- SSDEEP
  
  3072:AlF6urnRf9PK9O/BY0lIny3L/enhnZbhhdmNfPF84ccdIw33BJxI6yc437L/y0f7:mF6uDRFPK+InNbhhdcceJxgcmy0f9r7B
Score

1^/10
behavioral17 behavioral18
- Target
  
  $INTERNET_CACHE/Forever
- Size
  
  46KB
- MD5
  
  cdc1c1777ae9a8548ef73e3d8d3cb771
- SHA1
  
  ab9e4243eff32ab19c709c57ebd8a826b226646b
- SHA256
  
  e5909739456e96f48ede99e430190574db9593ec2ef32009557cffa71f141fba
- SHA512
  
  2f384cf0a24ba04c117d8fa00f757b0bd9ce7a333182eff3d8927bd80c068d4ad9bbfa1b90f904c974162d843e65ef450c938ce13a7ac6b64a1393202d1fc3d0
- SSDEEP
  
  768:zr9FRgR06DHimBL4w6e5/MYl22+b2eRrOV+VshEIsavgafe1aLJhFhLzlDngwhZE:X9FiKsLd5ENVrOV+V0/vDfeM/HLzlDgf
Score

1^/10
behavioral19 behavioral20
- Target
  
  $INTERNET_CACHE/Genre
- Size
  
  257KB
- MD5
  
  e250dae40537d592778b9502cf8227fb
- SHA1
  
  303369f3adaec712570adc4c56ac5bea64e365f1
- SHA256
  
  1a6dab9fd80044680137ec4073c4963ec28341361a44ec5d710d4bea67a21074
- SHA512
  
  5bd19c4b18cdeb27be1470758efe724da9a123b857a849e742bd110f22fc6caaf65590d1628b3869a7427a8b67cfd3e63b6f42d23d0fe08d3e8a0f1d6ede65b8
- SSDEEP
  
  6144:IuEE83DjWZf5fbA7nRFNVlOYtqrhc1oOLZld6KpsT+M8quRQ42:IG83DwTkmhc1oOdlUT+hdN2
Score

1^/10
behavioral21 behavioral22
- Target
  
  $INTERNET_CACHE/Harrison
- Size
  
  204KB
- MD5
  
  d48f0066bbbae76cf753fa44ba32c1e3
- SHA1
  
  4afa385545e4f98cb7c64caa5da8b15018d3a518
- SHA256
  
  3cf27be352bcd2994403a9af6300d36c0390089a1d768df2d307e92edb0b3ac5
- SHA512
  
  13bc1212d2de7146d00bbb03f5f0cfe93a2ae2d077311e54859239d84e772cc0881d83ba28de3010418685e8f10de218f06a526994b8cd6b3ffbc921ec92a86a
- SSDEEP
  
  3072:h0v2n2gXMXE6Tmd3ceTGQW+WGeqjjrh82L8SyEB8:h0vmln6iFdNWGeq/rh824AG
Score

1^/10
behavioral23 behavioral24
- Target
  
  $INTERNET_CACHE/Idea
- Size
  
  277KB
- MD5
  
  0f1de8c0e038c0275860fd290b02c4d8
- SHA1
  
  25de651d877c2a413cf67b96c1606600d86b25d5
- SHA256
  
  4f4bc55aed3199ab69af774d87a48890c5ebc470719cb94ebb3e9691cc7aa84e
- SHA512
  
  94ebf780cdfdd68b1e5f5de76037adea1d2a7b207af06ec64907d966767987a72db7c727d819578e20eecbb29eef8f60cc69eb4150f3ad660e42394ee69c9899
- SSDEEP
  
  3072:8KYQMndIxTXRl3IcfFzpPRay4UQQ6VXgYrm3zK7n7tr8PM+o2N88wW1:WxyxtlYctzPay4x7jVyM+o2Tb
Score

1^/10
behavioral25 behavioral26
- Target
  
  $INTERNET_CACHE/Introduce
- Size
  
  251KB
- MD5
  
  4365b4a8e5a9f7d34d242d83148d37c9
- SHA1
  
  91d4dea7b5f2a4bdb8de6a4f01202d7c7017cbd0
- SHA256
  
  a0f8eecc85f3d72f066bfd72605132c745f849b8fb10eba610c9460b6c2e687b
- SHA512
  
  ed17236d833fa4475d1683b8660ec8243c09b2ef5d278968e317670048661b225ca0a5006c8c506ebeb22814b046e26fe64c34f8c2d6d813874b2f4c6e37d423
- SSDEEP
  
  1536:EXZ2pjvGOYqORZEs0FLo/t7RiuPHxTDiUR2miAZimDcHnjQFxhCMv+tZqQqWrfw6:U5VZwcxq2NXkivv+fUFTj+LFiEyLs0M
Score

1^/10
behavioral27 behavioral28
- Target
  
  $INTERNET_CACHE/Ld
- Size
  
  171KB
- MD5
  
  0fc4b1c389fa315ae8563d2c3ebc636b
- SHA1
  
  e03df5eb60d707bb7c1ad29e42e83feb47983672
- SHA256
  
  ff9bf8a27b8a03935494646154d9eff8e565452041c3cf52c8b76bf2fb0c996b
- SHA512
  
  4d9aa3cc48836a7b5d5ea9af67b25582febadc7c13ab4ffe202523558cf393ebdb39b4ee1be916e19d5389ca234b41c824bdc553f1d47bd36ddf3d63b34f09df
- SSDEEP
  
  3072:a6TWxbgarBPivXDWy4ZNo893kvs9SZHLMX:a6igarp0aBZ28C0cZHLm
Score

1^/10
behavioral29 behavioral30
- Target
  
  $INTERNET_CACHE/Participants
- Size
  
  59B
- MD5
  
  df7fa3ba9a23cdb72499f49026149b1b
- SHA1
  
  167a471297e7e1f9de2d51233453788fd0a1227b
- SHA256
  
  e4754b247074cc987484c9f2a38903ab11b88a9bcff87e4f9f31986fcc4334cb
- SHA512
  
  9843fcc8c2a2fd032f6366341ad7bc69b33fe7791dc4f9cf7793d7aecbe8c9340dcaeba9e1d771b35acebde2d027bc8bd804d9133038758fbbba6589e84fbc3e
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32