risepro | e2fe410f8b5c9a9326173d51346f5da649991624d4cf6cb1f1ba832877740ded | Triage

Submit
Reports

Overview

overview

Static

static

3

RALibretro.exe

windows7-x64

1

RALibretro.exe

windows10-2004-x64

Sharing

General

Target

RALibretro.exe
Size

2.0MB
Sample

240622-d3gfvawckg
MD5

1c60ab41e8c4af6527b7060607b6d4bd
SHA1

97cf0c5c4a2af0b8d8128b940a93e0ae3d87608e
SHA256

e2fe410f8b5c9a9326173d51346f5da649991624d4cf6cb1f1ba832877740ded
SHA512

9b5a20dbb683e311fccb32535b26059a2a46a7095b08754f9f8a8d12b5fd6b7eaed0d44f7269b21f4e2d27fe787d824a6acf9817be54e91d2845229305ef4e0c
SSDEEP

12288:1wm9iy4agcuke6fninnDJB8wCq+TaI0Y60tcFhn9q6aQNwh+rjfmOP8JUQ5ofzG:f9iy4agufnMFBJClaI0Y6vDq2fz2I

Score

10^/10

risepro discovery persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

RALibretro.exe

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

RALibretro.exe

Resource

win10v2004-20240611-en

risepro discovery persistence stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  RALibretro.exe
- Size
  
  2.0MB
- MD5
  
  1c60ab41e8c4af6527b7060607b6d4bd
- SHA1
  
  97cf0c5c4a2af0b8d8128b940a93e0ae3d87608e
- SHA256
  
  e2fe410f8b5c9a9326173d51346f5da649991624d4cf6cb1f1ba832877740ded
- SHA512
  
  9b5a20dbb683e311fccb32535b26059a2a46a7095b08754f9f8a8d12b5fd6b7eaed0d44f7269b21f4e2d27fe787d824a6acf9817be54e91d2845229305ef4e0c
- SSDEEP
  
  12288:1wm9iy4agcuke6fninnDJB8wCq+TaI0Y60tcFhn9q6aQNwh+rjfmOP8JUQ5ofzG:f9iy4agufnMFBJClaI0Y6vDq2fz2I
Score

10^/10

risepro discovery persistence stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

riseprodiscoverypersistencestealer

© 2018-2025

Terms | Privacy