General

  • Target: 54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d

  • Size: 8.3MB

  • Sample: 240425-197ypsfh78

  • MD5: 64b25f16d49a37f436c63e1775b198da

  • SHA1: 804da5dffaf421cb29adc2db00a0b4320b043aba

  • SHA256: 54216089caced6f6d45d6a35dcc47b5640b847d6b3a136d005a73e79c765443d

  • SHA512: e23b748fdfe9398829f49fddb920c736afc6f97091a676a0e10a4f5f87c55e9c758459390157d16a765967103e734be0341482b449d378b34cdeb28bff394a19

  • SSDEEP: 196608:S3N/DIuePUUHrzIlczP7BnjKqgQctFUn3Bf+IL0WmF1Vt:Sd/DIzcUHraKP7BjRgQf3VgfVt

Malware Config

Extracted

  • Family: risepro

  • C2: 193.233.132.253:50500

Targets

    • Detects DLL dropped by Raspberry Robin.

      Raspberry Robin.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks