privateloader | d210b038c83af1db1e65d2531b094451830722acaacbecce0048b62a4aa68c25 | Triage

Sharing

General

Target

d210b038c83af1db1e65d2531b094451830722acaacbecce0048b62a4aa68c25
Size

3.0MB
Sample

240502-gwyy4adb87
MD5

9244c9152a1da8e7b2d5760c7312b65e
SHA1

fd5ee2bd38f508872ba2f1c32092713153aff99d
SHA256

d210b038c83af1db1e65d2531b094451830722acaacbecce0048b62a4aa68c25
SHA512

3126e3782408af44bc4598670cb43e65cdc6b1a7a7a84c2974aaaef590c396c39a6ed533adbf2aedac0568c1d7a729c916d9362e76cd666eaa64f392d13c430b
SSDEEP

49152:odQJdpyT6EmAWwOwTQdni6e/JKmdsFv/7nXTF5aXNVaBoqT24Ni/VM8apcTpe:odMdpIfWwITEKmWRLTF8/X/CIo

Score

10^/10

privateloader risepro loader persistence stealer vmprotect

Malware Config

Extracted

Family

risepro

C2

194.169.175.128

Targets

- Target
  
  d210b038c83af1db1e65d2531b094451830722acaacbecce0048b62a4aa68c25
- Size
  
  3.0MB
- MD5
  
  9244c9152a1da8e7b2d5760c7312b65e
- SHA1
  
  fd5ee2bd38f508872ba2f1c32092713153aff99d
- SHA256
  
  d210b038c83af1db1e65d2531b094451830722acaacbecce0048b62a4aa68c25
- SHA512
  
  3126e3782408af44bc4598670cb43e65cdc6b1a7a7a84c2974aaaef590c396c39a6ed533adbf2aedac0568c1d7a729c916d9362e76cd666eaa64f392d13c430b
- SSDEEP
  
  49152:odQJdpyT6EmAWwOwTQdni6e/JKmdsFv/7nXTF5aXNVaBoqT24Ni/VM8apcTpe:odMdpIfWwITEKmWRLTF8/X/CIo
Score

10^/10

privateloader risepro loader persistence stealer vmprotect
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Drops startup file
- Loads dropped DLL
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderriseproloaderpersistencestealervmprotect

behavioral2

privateloaderriseproloaderpersistencestealervmprotect