General

  • Target

    15634bc356356836d1ad708c207d28b0_NeikiAnalytics.exe

  • Size

    1.9MB

  • Sample

    240527-ys45dahe39

  • MD5

    15634bc356356836d1ad708c207d28b0

  • SHA1

    053a164ecd4e758fa641a2d679bc410fc5e424eb

  • SHA256

    1d1b24f346602e2379272d189cb2e6e1b03f832a0f4cef4aa550aeda03407c2d

  • SHA512

    7252f11cb2e65e1daa76080dc12c5427b7fbb5b6ae3a09d77dacdf4bde4d1bed80c70fee060eb32b16946314df58f3f2660c6b3fde23dabec4ab3aeffc41b0cf

  • SSDEEP

    49152:uE0IsdjOXgjEaZIEmmKwGvF2ZKzaAiLHOnwVoKhT74:aPjOXljN2Z4aAi3VoKhT74

Malware Config

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • Target

      15634bc356356836d1ad708c207d28b0_NeikiAnalytics.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution

    Scheduled Task/Job: T1053 (1)

  • Persistence

    Boot or Logon Autostart Execution: T1547 (1)

    Registry Run Keys / Startup Folder: T1547.001 (1)

    Scheduled Task/Job: T1053 (1)

  • Privilege Escalation

    Boot or Logon Autostart Execution: T1547 (1)

    Registry Run Keys / Startup Folder: T1547.001 (1)

    Scheduled Task/Job: T1053 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)

  • Discovery

    System Information Discovery: T1082 (1)

Tasks