risepro | 5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d | Triage

Submit
Reports

Overview

overview

Static

static

7

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d
Size

2.1MB
Sample

240428-bqfmnsch27
MD5

553a3c99285a851361f7fd43e9140480
SHA1

77a02b8a590dfbe61a566b43a5175d4505dcd8f1
SHA256

5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d
SHA512

2c7aeed519687daf9d8db086dbeb569b3183be83331d1bb35b8b7203666dce36525bd0dae7577778d5a164202e9cc644d2c78c34a832be307d48413ad072ff69
SSDEEP

49152:/LCAL3cSktOJTDy6Lqp81l8cdrBGujLMJ0xReGpGrJEJaDPce:jCALRTD/LqUBhjYGxReuSDDPb

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d.exe

Resource

win10v2004-20240419-en

risepro evasion stealer themida trojan

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d.exe

Resource

win11-20240419-en

risepro evasion stealer themida trojan

windows11-21h2-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d
- Size
  
  2.1MB
- MD5
  
  553a3c99285a851361f7fd43e9140480
- SHA1
  
  77a02b8a590dfbe61a566b43a5175d4505dcd8f1
- SHA256
  
  5e389a2e8fbdc4cbeb1217e74f1ce0c144844a941a017c5f1a2dfa9b3a5ee02d
- SHA512
  
  2c7aeed519687daf9d8db086dbeb569b3183be83331d1bb35b8b7203666dce36525bd0dae7577778d5a164202e9cc644d2c78c34a832be307d48413ad072ff69
- SSDEEP
  
  49152:/LCAL3cSktOJTDy6Lqp81l8cdrBGujLMJ0xReGpGrJEJaDPce:jCALRTD/LqUBhjYGxReuSDDPb
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy