Malware Analysis Report

2024-10-10 11:58

Sample ID 240615-mg2pbsxbqh
Target b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8
SHA256 b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8
Tags risepro stealer
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score

10/10

SHA256

b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8

Threat Level: Known bad

The file b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8 was found to be: Known bad.

Malicious Activity Summary

risepro stealer

RisePro

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-15 10:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 10:26

Reported

2024-06-15 10:29

Platform

win7-20240611-en

Max time kernel

146s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe"

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe

"C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe"

Network

N/A

Files

memory/3052-1-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-0-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-2-0x00000000017D4000-0x0000000001872000-memory.dmp

memory/3052-4-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-5-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-6-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-7-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-8-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-9-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-10-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-11-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-12-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-13-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-14-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-15-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-16-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-17-0x0000000001340000-0x0000000001872000-memory.dmp

memory/3052-18-0x0000000001340000-0x0000000001872000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 10:26

Reported

2024-06-15 10:29

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe"

Signatures

RisePro

stealer risepro

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe

"C:\Users\Admin\AppData\Local\Temp\b2e10fbcc4b351a204e5da28d6e52d4b898a90bf95a67bfec960ed31f72c68e8.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp

Files

memory/1336-0-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-1-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-2-0x0000000001104000-0x00000000011A2000-memory.dmp

memory/1336-4-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-5-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-6-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-7-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-8-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-9-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-10-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-11-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-12-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-13-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-14-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-15-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-16-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-17-0x0000000000C70000-0x00000000011A2000-memory.dmp

memory/1336-18-0x0000000000C70000-0x00000000011A2000-memory.dmp