risepro | 9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9ac899e08b...63.exe

windows7-x64

9ac899e08b...63.exe

windows10-2004-x64

Sharing

General

Target

9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe
Size

3.9MB
Sample

240417-cdhryaca9t
MD5

2fb33c498f66aa47b719d3b9345e35ba
SHA1

b7591feab49bc5b58a313fe45213f91df6c2980a
SHA256

9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263
SHA512

e0ec93588e92fbc716d0c9761beac85fbcdd7a912a3ae9844c38e3323ad17fb40a19abaf82a5b49d0f65f0aaa6085b3e139e7e25325e0a60821b0db4f50862a7
SSDEEP

98304:/HFySxnKY0EvQZn2xJzOeS3bG34EVGR7q/0iRmyc3rea:/HFySxKgqn2TOeybq4NR7UHgrH

Score

10^/10

risepro evasion stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe

Resource

win7-20240220-en

risepro evasion stealer trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe

Resource

win10v2004-20240412-en

risepro evasion stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

- Target
  
  9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263.exe
- Size
  
  3.9MB
- MD5
  
  2fb33c498f66aa47b719d3b9345e35ba
- SHA1
  
  b7591feab49bc5b58a313fe45213f91df6c2980a
- SHA256
  
  9ac899e08b378dd2b4e5169c01597c988cf2a1396b5dfab12e97cb46156b0263
- SHA512
  
  e0ec93588e92fbc716d0c9761beac85fbcdd7a912a3ae9844c38e3323ad17fb40a19abaf82a5b49d0f65f0aaa6085b3e139e7e25325e0a60821b0db4f50862a7
- SSDEEP
  
  98304:/HFySxnKY0EvQZn2xJzOeS3bG34EVGR7q/0iRmyc3rea:/HFySxKgqn2TOeybq4NR7UHgrH
Score

10^/10

risepro evasion stealer trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Detects executables built or packed with MPress PE compressor
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealertrojan

behavioral2

riseproevasionstealertrojan

© 2018-2025

Terms | Privacy