risepro | f9cf92022ada8247d3b8225a3445a2a0aa3e1be46ab5e81d152efeb6f1260093 | Triage

Submit
Reports

Overview

overview

Static

static

7

0bd8b2ebf9...88.exe

windows7-x64

0bd8b2ebf9...88.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

0bd8b2ebf9a1bc6907c841eec9be6c88.exe
Size

2.0MB
Sample

240507-d22qdsbb48
MD5

0bd8b2ebf9a1bc6907c841eec9be6c88
SHA1

f6c38ecca4099515dfee5cd6c50367b1188a4d41
SHA256

f9cf92022ada8247d3b8225a3445a2a0aa3e1be46ab5e81d152efeb6f1260093
SHA512

868f04da6839d2f20a6bc252d6712743c725fa6c71ee7c18587358726154aa1722db0223880add47e7cebd39c18ea097492535703be1813591620e8c29b07c74
SSDEEP

49152:dUOApOsygF6CPGKqjqsMTlOFhIhc8KqEQuKFt:yl9ygcCPqj8kHSc8KlQuKFt

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0bd8b2ebf9a1bc6907c841eec9be6c88.exe

Resource

win7-20240221-en

risepro evasion stealer themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

0bd8b2ebf9a1bc6907c841eec9be6c88.exe

Resource

win10v2004-20240426-en

risepro evasion stealer themida trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  0bd8b2ebf9a1bc6907c841eec9be6c88.exe
- Size
  
  2.0MB
- MD5
  
  0bd8b2ebf9a1bc6907c841eec9be6c88
- SHA1
  
  f6c38ecca4099515dfee5cd6c50367b1188a4d41
- SHA256
  
  f9cf92022ada8247d3b8225a3445a2a0aa3e1be46ab5e81d152efeb6f1260093
- SHA512
  
  868f04da6839d2f20a6bc252d6712743c725fa6c71ee7c18587358726154aa1722db0223880add47e7cebd39c18ea097492535703be1813591620e8c29b07c74
- SSDEEP
  
  49152:dUOApOsygF6CPGKqjqsMTlOFhIhc8KqEQuKFt:yl9ygcCPqj8kHSc8KlQuKFt
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy