risepro | 87dc8a31b38e584652dbbea9996dcbff96599dac087b5b48d74b02f4af9b0d86 | Triage

Sharing

General

Target

by RRyos [GoddyXpl0its].zip
Size

8.9MB
Sample

240411-ng8cjsde8s
MD5

5dab6d05600aa9a4a8e65fe3a51c73c3
SHA1

05908e4690b74bf771eda6d35af36c185241bc99
SHA256

87dc8a31b38e584652dbbea9996dcbff96599dac087b5b48d74b02f4af9b0d86
SHA512

e769a2b20d8967c4fd11b2801053e11fc4f0812a7c56053cc07dde7715dc11a5447f7fd50411f6ef153a921957f21a19cfb3f99c866d0f4ccb6d676ce5934636
SSDEEP

196608:VMnUiG7Cxjdqsfs9V5bbJjpohW36O4oNeXJoji0VYFp5K8:VMng7CxjdqxVdbYm6jAe+urFpt

Score

10^/10

risepro cryptone packer stealer

Malware Config

Targets

- Target
  
  A0RORA/A0RORA V4.exe
- Size
  
  287.0MB
- MD5
  
  3b036c9d3c85bdb64cc993b601a20b90
- SHA1
  
  36c4b09f2a39d690780ab1af125657c294c63a61
- SHA256
  
  43afb96682ead6ea83d7af10c031e950711261a93768ff654d38939592430ab5
- SHA512
  
  14620d0b690f7cb04456f59e9c61d6bb98139ed1b01c234ae16e33bd624ae6d18eb67cd52705d96f839eb6c4c42142017e3ff897c00d18025b8c3f5c8ce93f75
- SSDEEP
  
  24576:ebqrNtz57KF0j6wvp6mRvQtguzIOJ1XE9+ofqYwWVDk5uL9I2aas0OMdK:kI3Nq02IfRvruz7E9+ofqADlLu2oVM
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $INTERNET_CACHE/Classical
- Size
  
  235KB
- MD5
  
  eaf385cdf1314e338da96bb238f75b01
- SHA1
  
  2d6c7d5e4564e782bba21fea45669be4caf2fa96
- SHA256
  
  bad782e8dd1a95af87f67c7dcc036d62d3bbc8a47fa3384ce9883eb2f36ecca1
- SHA512
  
  41b9d8096870dcaa51fba676238297a12c46cfe3a6ab2f84f95b10b606b7ae56775c40ab75df268f0fb3795fe82a9fb3e668069de4142f04b9191d947dc4c3fd
- SSDEEP
  
  3072:dHemsIqQVUHwtwP9Xzm9onM/0UeXprNWRz9onM/0UrhkcjGjyiIZyxiY/1H3uGzo:Bgc4iwHF8gETgEX+Y
Score

1^/10
behavioral3 behavioral4
- Target
  
  A0RORA/scripts/scripts.dll
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Process Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6