risepro

Sharing

Copy URL

Twitter E-mail

General

Target

by RRyos [GoddyXpl0its].zip
Size

8.9MB
Sample

240411-nfnxhsad39
MD5

5dab6d05600aa9a4a8e65fe3a51c73c3
SHA1

05908e4690b74bf771eda6d35af36c185241bc99
SHA256

87dc8a31b38e584652dbbea9996dcbff96599dac087b5b48d74b02f4af9b0d86
SHA512

e769a2b20d8967c4fd11b2801053e11fc4f0812a7c56053cc07dde7715dc11a5447f7fd50411f6ef153a921957f21a19cfb3f99c866d0f4ccb6d676ce5934636
SSDEEP

196608:VMnUiG7Cxjdqsfs9V5bbJjpohW36O4oNeXJoji0VYFp5K8:VMng7CxjdqxVdbYm6jAe+urFpt

Score

10^/10

Malware Config

Targets

- Target
  
  by RRyos [GoddyXpl0its].zip
- Size
  
  8.9MB
- MD5
  
  5dab6d05600aa9a4a8e65fe3a51c73c3
- SHA1
  
  05908e4690b74bf771eda6d35af36c185241bc99
- SHA256
  
  87dc8a31b38e584652dbbea9996dcbff96599dac087b5b48d74b02f4af9b0d86
- SHA512
  
  e769a2b20d8967c4fd11b2801053e11fc4f0812a7c56053cc07dde7715dc11a5447f7fd50411f6ef153a921957f21a19cfb3f99c866d0f4ccb6d676ce5934636
- SSDEEP
  
  196608:VMnUiG7Cxjdqsfs9V5bbJjpohW36O4oNeXJoji0VYFp5K8:VMng7CxjdqxVdbYm6jAe+urFpt
Score

1^/10
behavioral1 behavioral2
- Target
  
  A0RORA.rar
- Size
  
  8.9MB
- MD5
  
  023e3095897592a73316be3df453cd9c
- SHA1
  
  8f363726499a478e55d951c556d31063267b2b5b
- SHA256
  
  db4e7e54432c73c62b7efe45049becb6309100574b2f9d675ccb79f3be8b1efa
- SHA512
  
  fa6ff70e18a47a5793669a8eb0275ac316e43c78784fa9621903a2b899a3d67c1cc03cdfe7a35e9a7ed3e26130f210e79d674b93fb411a047fb2d9770c2d6947
- SSDEEP
  
  196608:zMnUiG7Cxjdqsfs9V5bbJjpohW36O4oNeXJoji0VYFp5K8:zMng7CxjdqxVdbYm6jAe+urFpZ
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  A0RORA/A0RORA V4.exe
- Size
  
  287.0MB
- MD5
  
  3b036c9d3c85bdb64cc993b601a20b90
- SHA1
  
  36c4b09f2a39d690780ab1af125657c294c63a61
- SHA256
  
  43afb96682ead6ea83d7af10c031e950711261a93768ff654d38939592430ab5
- SHA512
  
  14620d0b690f7cb04456f59e9c61d6bb98139ed1b01c234ae16e33bd624ae6d18eb67cd52705d96f839eb6c4c42142017e3ff897c00d18025b8c3f5c8ce93f75
- SSDEEP
  
  24576:ebqrNtz57KF0j6wvp6mRvQtguzIOJ1XE9+ofqYwWVDk5uL9I2aas0OMdK:kI3Nq02IfRvruz7E9+ofqADlLu2oVM
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  $INTERNET_CACHE/Annex
- Size
  
  146KB
- MD5
  
  7d4edcb5db311947d1133733e4c211af
- SHA1
  
  0ca7bc5d886adaac61ed0037c7164b17043a8942
- SHA256
  
  43963b3cba04817a6eab3c70ab8f995ff7e43de66841f9816d550c77ed766fef
- SHA512
  
  bb25ed8378938dd222892e24c38bdaabc49ac40b4e559566ed982ba0043fc7c790c792f1540cdaa5bd07df579a675b1d2484aac6bdfa1887beff254e97a4bd6b
- SSDEEP
  
  3072:kpVIa0/vidXqGjLPQ6ClAMfA4lelIJBSLPNGRx:k/12vk6AQzyMfA+eu
Score

1^/10
behavioral7 behavioral8
- Target
  
  $INTERNET_CACHE/Ballot
- Size
  
  251KB
- MD5
  
  504b91970d0965d1abef5e93ed2c2091
- SHA1
  
  ed1a4f1c15bef17348cca5f184cbabe4efb67804
- SHA256
  
  de504f733f61498b58d1ce85d5d0ed90320a20e2cebd55b5e05a27266286d0e4
- SHA512
  
  919143ecdfb8aa2751edc7a670f35188ebc7e7b2a251b69b8a18a5bdb8ee17740357b5480be53a8447cbe082032a39ed8cb2049b9f4a65a1665f68a31fe23e97
- SSDEEP
  
  6144:fVPlcBgtoTqnvAfcaG9b2M8JTDD/xcq21R1p/rAOPOeib:9lcqikvAfcN9b2MyZa31trov
Score

1^/10
behavioral10 behavioral9
- Target
  
  $INTERNET_CACHE/Batch
- Size
  
  242KB
- MD5
  
  fcc0b0727ade8ddad1785d89bf437493
- SHA1
  
  7f6df324f0855fd0b35281eba638ca5e6ca7414d
- SHA256
  
  62607c09c315601a43dbdda32cb49a5877812003a29b18bea16d953fec7db100
- SHA512
  
  fe47f52623820680243f5839139d9e64bcdde20b95e1591896a1ba923950a695dbdea0f8ad3fc32f5c43925c692e69d6cff85d950feb7294d315817c1ee8488a
- SSDEEP
  
  3072:r4ti9onM/0UA5b9onM/0UwrBvado+oe6vk5SrFWeVkcdG3NcmbXaR1Zg9onM/0Ua:0tFNIQtSsJWK6
Score

1^/10
behavioral11 behavioral12
- Target
  
  $INTERNET_CACHE/Calcium
- Size
  
  237KB
- MD5
  
  9d675b88161597e2e690531dd1a1718a
- SHA1
  
  e1b8d8570193f9b3c5ac80bed22b55a8a01449b4
- SHA256
  
  efb58ce2055405070d202ff308e274f8403b249364e21b13c13127a1548459df
- SHA512
  
  25361d5b9f2ba495ca9b92249dbb85a3b50ef98248f1f899de64a36f2fbc5325f30e655388973349b9cd83a751c6261554581a3589c36563ff5c7fff237a8061
- SSDEEP
  
  3072:t9noEtO5e2br7E5ozFF4uflcd/gNijGqNdKqTTvTtJWTqUYGVc0wuwm:tODQ6rOozVtgoNiiWdfWd
Score

1^/10
behavioral13 behavioral14
- Target
  
  $INTERNET_CACHE/Classical
- Size
  
  235KB
- MD5
  
  eaf385cdf1314e338da96bb238f75b01
- SHA1
  
  2d6c7d5e4564e782bba21fea45669be4caf2fa96
- SHA256
  
  bad782e8dd1a95af87f67c7dcc036d62d3bbc8a47fa3384ce9883eb2f36ecca1
- SHA512
  
  41b9d8096870dcaa51fba676238297a12c46cfe3a6ab2f84f95b10b606b7ae56775c40ab75df268f0fb3795fe82a9fb3e668069de4142f04b9191d947dc4c3fd
- SSDEEP
  
  3072:dHemsIqQVUHwtwP9Xzm9onM/0UeXprNWRz9onM/0UrhkcjGjyiIZyxiY/1H3uGzo:Bgc4iwHF8gETgEX+Y
Score

1^/10
behavioral15 behavioral16
- Target
  
  $INTERNET_CACHE/Compilation
- Size
  
  226KB
- MD5
  
  05419cc29faab53e8c8815473d37ed7e
- SHA1
  
  1e8b2bbe3373c7ef174f9c23ebf697dcfad4e8f9
- SHA256
  
  3a152cdbb60495642de5321b46dbbfe529399a6431682bc24d543bbc6ce7eac1
- SHA512
  
  afc6c50b5d9840193a4988c0bcbf7706540ab3e0ef65cfcb53904b6178df64b798bf18a2197212dfafe3e109b7adf4b1e32dcbfc735f82cf9819fd21d4b4dcbf
- SSDEEP
  
  3072:OjYHn3SPvpHYEeld7TH4QU7Xhuf0JU5ABHRoM6ASp6SmDRy7Rfd:X3SPvlRe3THNgxu8MgHRoM6AapcRWRfd
Score

1^/10
behavioral17 behavioral18
- Target
  
  $INTERNET_CACHE/Described
- Size
  
  263KB
- MD5
  
  f1286872482cc01ad953fdf7a6078112
- SHA1
  
  f75d26b2a86636c0a61baae22d25d288dbcccab0
- SHA256
  
  46125839b1cfdeb89fa122d864b4e77f2d127c8fd131a85a3a5b91e63a53d8e6
- SHA512
  
  f18cf6d7fb1521d1e24199dfd0206a9e9a33106c05253244d477d79c450e3a3bbea813a0e0c6aaf1ad619f9ef648f500766f1a17b4593ae190fabdbbac50fc65
- SSDEEP
  
  3072:yHi8vbf2OqoMAOKX3YaQSD24EhNJim9jDgAIpMF1:yHi8vbfnqFeih4EJdDyMF1
Score

1^/10
behavioral19 behavioral20
- Target
  
  $INTERNET_CACHE/Eur
- Size
  
  140B
- MD5
  
  954ccebe08b75b1af49d3a5ee1cd09d8
- SHA1
  
  87dcbb6a14774ff7063de0c8c0ff84a4cd978c64
- SHA256
  
  be808221c99cb66dc7fd42d0d8e5f456cee629f1c118d9062106a38f9787ea0e
- SHA512
  
  e1afe59437d7c9c10119d935118b1a68bb8b751422edd89a8c0080f0ba47301cb761972ad80332e943e32012afbfa67cffe1e2152bff8de9b5a05cc83aa59d74
Score

1^/10
behavioral21 behavioral22
- Target
  
  $INTERNET_CACHE/Guide
- Size
  
  205KB
- MD5
  
  de66103fc48d413341fee6828f58af31
- SHA1
  
  6305da2cbc836f96da4d5cf1d103452822bc1a54
- SHA256
  
  16be4ecd9292aa21bf9a77e3096b4d7c9b93e4e5d05fbe26106bfa570b00a396
- SHA512
  
  9396b56a845e0ee3c2d1f5d851c3831a67360ef788dbd385b9fc52eb94b5b78e9cfef2a40f1d711cf3450aab3e5dfd111507255d48b197e257de22056c34b44c
- SSDEEP
  
  3072:lXHPE7rVr/xHtvrW55A97ddU7KBJrYDKFx5VhCDVD:xvE71/xNzW55ABcKgDKFvWh
Score

1^/10
behavioral23 behavioral24
- Target
  
  $INTERNET_CACHE/Hits
- Size
  
  217KB
- MD5
  
  11815cd92193f2f35db09a5f34561309
- SHA1
  
  a5646e9d0d4e62556f7d954b4434090a56f0cc7f
- SHA256
  
  6655e68936ab94ab845b5b21cd8e517a46913f2be347a2be8a62ecf40cffd1f2
- SHA512
  
  59d5ca7952c6f863deeb3ed95d4b7a28376bdcc50f4b899c53230b075fc5aba68b636f7dc2328898f8cc5c17abae7fef3c6756e149b8896acf5686021e2aeacc
- SSDEEP
  
  3072:bt1hQ1RATaQLP+kHmFUn9hGKWw665aRoMmKnKeT+o:x+RAT1jxHmFUHGKWw6FMKKeTj
Score

1^/10
behavioral25 behavioral26
- Target
  
  $INTERNET_CACHE/Hoped
- Size
  
  19KB
- MD5
  
  b5103ed1b8010473bb83ab16923d85ca
- SHA1
  
  f58d3f609a20bb2185954eea5e64b18d573eb298
- SHA256
  
  9dcddbf66c1b70f3225a010b1bd1a320b3b445c1a0dee2c74f092f31f988c101
- SHA512
  
  0b4b15e8c7b25796493a177cd04405a0d0c0e99e3283774efa1e477c28bf35772d17b395abbf823a2b2f90549b19fd061cbfe082b00fec152960a8ed59223fba
- SSDEEP
  
  384:iQJ0vvscdRVB3TT9/Xqu9A7/qK1oHjBHX2fJyqUiiosF3djLXivtZBv55KBJc8nC:iQFcdRDrADq+MjC9pYNvaX6BJc8nkJ5x
Score

1^/10
behavioral27 behavioral28
- Target
  
  $INTERNET_CACHE/Medicine
- Size
  
  224KB
- MD5
  
  a7b9e7aa8943928af02a6b21e93b3bc5
- SHA1
  
  ee54426341cf4b6f81b962b013c2a7f662a29369
- SHA256
  
  48f4938fc7a4b2e5bcb870eba2187cadbe938dcb21f3da39fceaf5b1bea47c4f
- SHA512
  
  0adb72160d0bfbb0f27cd64cc93bc57b4d04c585b2c5e613fec8dbfd7ddb12a39a9b1046e5810d666c2e5912453df6d3f685aa2116cb5e1ebc77d3fe0609317d
- SSDEEP
  
  3072:vCV26MqgQTc5F446iYNpK5SB7BJBzLZDKJtIs8di/37EM/j2xQeixr:vi2VWTyFsJ8gNJBnGtINsegr
Score

1^/10
behavioral29 behavioral30
- Target
  
  $INTERNET_CACHE/Streets
- Size
  
  295KB
- MD5
  
  92897ca972c8328557aa9d6f34257105
- SHA1
  
  a6e1cfd843ecf7017b49b2a281d3845b13918732
- SHA256
  
  0092c859a2248d4a599c35c4f73efab114bb6eae12fbf00252718660d425bd60
- SHA512
  
  0933838b2ff27a123d3835d659e46d41b98727b3cd64e262a76b5de445528b680c3980272b2c03a6d982d7ac8eff605a4da2cc73b4be902231468b93fc142bea
- SSDEEP
  
  6144:1q6bPRAEoq3QmV78zkA32JSKZxfKbNz9b+wq7k:13SqzyzwJfZxfKbV9bJB
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Process Discovery

T1057

Remote System Discovery

T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Suspicious use of NtCreateUserProcessOtherParentProcess

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32