risepro | 4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962 | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962
Size

3.3MB
Sample

240624-f1dchs1fqn
MD5

1c8509719a1c72db8addc669dd4c68bd
SHA1

6d85832317d36a4f2190768fa8f3c141a3ac6d1b
SHA256

4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962
SHA512

bded8248e35fbe21f6e3e00d3c3a411e821c0b4d8c4f4dcea48a8fa4bf6fe4e204feca15ff0f21fdf8ec1bf071dc183d65bf2c32df9e8ed65b04e45e614ef918
SSDEEP

98304:FyLQ961AQnMJXYa7zi+BfmYXha6Bm08CllKlU:r9EA+MJXvi+BM6s07llKi

Score

10^/10

risepro evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962.exe

Resource

win7-20240508-en

risepro evasion stealer themida trojan

windows7-x64

5 signatures

300 seconds

Behavioral task

behavioral2

Sample

4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962.exe

Resource

win10-20240404-en

risepro evasion stealer themida trojan

windows10-1703-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

- Target
  
  4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962
- Size
  
  3.3MB
- MD5
  
  1c8509719a1c72db8addc669dd4c68bd
- SHA1
  
  6d85832317d36a4f2190768fa8f3c141a3ac6d1b
- SHA256
  
  4efdae419cd6ff29897612e8120c30cc78d947ca0bfec23646d6208b3758c962
- SHA512
  
  bded8248e35fbe21f6e3e00d3c3a411e821c0b4d8c4f4dcea48a8fa4bf6fe4e204feca15ff0f21fdf8ec1bf071dc183d65bf2c32df9e8ed65b04e45e614ef918
- SSDEEP
  
  98304:FyLQ961AQnMJXYa7zi+BfmYXha6Bm08CllKlU:r9EA+MJXvi+BM6s07llKi
Score

10^/10

risepro evasion stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealerthemidatrojan

behavioral2

riseproevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy