risepro | 45babf429230f0a0bad119aa47fab5820de9b4af3996340000376409c448a169 | Triage

Submit
Reports

Overview

overview

Static

static

7

d0eff53cfd...20.exe

windows7-x64

d0eff53cfd...20.exe

windows10-2004-x64

Sharing

General

Target

de584dd4970a8099454611ee0c739ea8.bin
Size

3.1MB
Sample

240622-eb2hdazgqk
MD5

8f55070b863703b1d52edd4b76d32812
SHA1

2dcfddc9467451f652b27541b999cf1d2f1aa70f
SHA256

45babf429230f0a0bad119aa47fab5820de9b4af3996340000376409c448a169
SHA512

da8f5e480d63d836aa0daf8b3a362f2d339782b932580242fb4c6dd50a19120ad76a987ef8d9c763a255912379132c6760a157f0434bc0d82d35515cec74a631
SSDEEP

49152:NwDhLYmFROiaUINT9smiRKdrYMhcKpE4lVLQlxWyoWjHIL0oSz0:NySiaVK6rNcKpE0Ql0cjHG0Q

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d0eff53cfd30f061451987b4e98205d81f9495e8f26def46aec15f7a4c171c20.exe

Resource

win7-20240220-en

risepro evasion stealer themida trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

d0eff53cfd30f061451987b4e98205d81f9495e8f26def46aec15f7a4c171c20.exe

Resource

win10v2004-20240611-en

risepro evasion stealer themida trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  d0eff53cfd30f061451987b4e98205d81f9495e8f26def46aec15f7a4c171c20.exe
- Size
  
  3.1MB
- MD5
  
  de584dd4970a8099454611ee0c739ea8
- SHA1
  
  f22fe3bfb22b55d1f0dc2fd802a32d2beb157e0b
- SHA256
  
  d0eff53cfd30f061451987b4e98205d81f9495e8f26def46aec15f7a4c171c20
- SHA512
  
  58470ab84c35022860036cb5dfdccec9bb1f1ebea37e4745efc70c464e2ffb9b9835a1251cdf76c012f56dd0a72a4d448b0ac298da02f4676ebcccc03b2a0b76
- SSDEEP
  
  98304:t+VDlD+ah2X5f2CiioP8peU/Ju4+iU2lfOZy81+1l:AnZYuTcRxuZiUiW9+1l
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy