General

  • Target

    Aurxra V6.exe

  • Size

    287.0MB

  • Sample

    240415-w8ylesff4t

  • MD5

    feaef80a175e24dbf45cb0f3561f4891

  • SHA1

    dd8652d5623aec0e0de66f50df8d75c3cb54e050

  • SHA256

    6b5c7a2136f31631e64960abe17dea5a4eccf9f40943f0f492bc397c8189d5a3

  • SHA512

    218c01e342aead4a1094ee57344d29ecde0fbe8216d270ba376344790e0202eaea161be52e183c5442a45b55c657cf8340b6f027288ceaf790069f111994101d

  • SSDEEP

    49152:Ght9sTkCObgYD//RcCHEDIpPmChB2iqUL7h5IGn:Ght9bCOblJcqIIJtMq5H

Score
10/10

Malware Config

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
