Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe

  • Size

    3.9MB

  • Sample

    240417-cdhryaca9t

  • MD5

    2fb33c498f66aa47b719d3b9345e35ba

  • SHA1

    b7591feab49bc5b58a313fe45213f91df6c2980a

  • SHA256

    9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263

  • SHA512

    e0ec93588e92fbc716d0c9761beac85fbcdd7a912a3ae9844c38e3323ad17fb40a19abaf82a5b49d0f65f0aaa6085b3e139e7e25325e0a60821b0db4f50862a7

  • SSDEEP

    98304:/HFySxnKY0EvQZn2xJzOeS3bG34EVGR7q/0iRmyc3rea:/HFySxKgqn2TOeybq4NR7UHgrH

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

    • Target

      9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe

    • Size

      3.9MB

    • MD5

      2fb33c498f66aa47b719d3b9345e35ba

    • SHA1

      b7591feab49bc5b58a313fe45213f91df6c2980a

    • SHA256

      9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263

    • SHA512

      e0ec93588e92fbc716d0c9761beac85fbcdd7a912a3ae9844c38e3323ad17fb40a19abaf82a5b49d0f65f0aaa6085b3e139e7e25325e0a60821b0db4f50862a7

    • SSDEEP

      98304:/HFySxnKY0EvQZn2xJzOeS3bG34EVGR7q/0iRmyc3rea:/HFySxKgqn2TOeybq4NR7UHgrH

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Detects executables built or packed with MPress PE compressor

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks