General

  • Target

    dc2e4911cc11485e4cc2d089a9a755a0_NEIKI

  • Size

    1.3MB

  • Sample

    240509-dtcfjaae36

  • MD5

    dc2e4911cc11485e4cc2d089a9a755a0

  • SHA1

    c3842581e2f237f3bbb6139000ecb75adc71ef63

  • SHA256

    11bd9e6dbe28c3a630d41775a2499aae0be31ea2378d2d228bd4fafa788c6575

  • SHA512

    afb59a4c5ccf321a6095de4c6e9b766b329b6bb30801f946c0e5da24263f64bc1161210c6bb8add36fff0bae0ed899cc6d731e96a6f42f0e21d2c7e0b7788716

  • SSDEEP

    24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJZrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TRrK5Zln2i6

Malware Config

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks