risepro | 54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
Size

8.3MB
Sample

240425-197ypsfh78
MD5

64b25f16d49a37f436c63e1775b198da
SHA1

804da5dffaf421cb29adc2db00a0b4320b043aba
SHA256

54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
SHA512

e23b748fdfe9398829f49fddb920c736afc6f97091a676a0e10a4f5f87c55e9c758459390157d16a765967103e734be0341482b449d378b34cdeb28bff394a19
SSDEEP

196608:S3N/DIuePUUHrzIlczP7BnjKqgQctFUn3Bf+IL0WmF1Vt:Sd/DIzcUHraKP7BjRgQf3VgfVt

Score

10^/10

risepro evasion stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d.exe

Resource

win7-20240221-en

risepro evasion stealer trojan

windows7-x64

6 signatures

300 seconds

Behavioral task

behavioral2

Sample

54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d.exe

Resource

win10-20240404-en

risepro evasion stealer trojan

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

- Target
  
  54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
- Size
  
  8.3MB
- MD5
  
  64b25f16d49a37f436c63e1775b198da
- SHA1
  
  804da5dffaf421cb29adc2db00a0b4320b043aba
- SHA256
  
  54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d
- SHA512
  
  e23b748fdfe9398829f49fddb920c736afc6f97091a676a0e10a4f5f87c55e9c758459390157d16a765967103e734be0341482b449d378b34cdeb28bff394a19
- SSDEEP
  
  196608:S3N/DIuePUUHrzIlczP7BnjKqgQctFUn3Bf+IL0WmF1Vt:Sd/DIzcUHraKP7BjRgQf3VgfVt
Score

10^/10

risepro evasion stealer trojan
- Detects DLL dropped by Raspberry Robin.
  Raspberry Robin.
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealertrojan

behavioral2

riseproevasionstealertrojan

© 2018-2025

Terms | Privacy