risepro | 976137409e5d45839870a834b4b06bd46495a39d216bb0f31f1f0370fe1b5d94 | Triage

Resubmissions

25-06-2024 11:10

240625-m9r1layhkk 10

Sharing

General

Target

QuizPokemon.exe
Size

2.3MB
Sample

240625-m9r1layhkk
MD5

814ff8b10d8641b03fcf1e9efc1005bf
SHA1

25cb52ef822cf0077a11278d936569ed5f5d92d4
SHA256

976137409e5d45839870a834b4b06bd46495a39d216bb0f31f1f0370fe1b5d94
SHA512

4426e9d8f799cdd7b05fa7c40a4bb62d0b95e95a280d85dd7aaf808aabdd4752fd2621e6d073cd881c0176ef2b72a270a79d9a45f18da357d75c1e7dc084bc12
SSDEEP

49152:Qg2wVptJl9PSgu4zNdH4aZI1vq/j0gBVI2azDaKIk5sJd8FB7TVysFP:NXd9P+4ZdHjIS0gBSDXInr8L7xFP

Score

10^/10

risepro stealer

Malware Config

Targets

- Target
  
  QuizPokemon.exe
- Size
  
  2.3MB
- MD5
  
  814ff8b10d8641b03fcf1e9efc1005bf
- SHA1
  
  25cb52ef822cf0077a11278d936569ed5f5d92d4
- SHA256
  
  976137409e5d45839870a834b4b06bd46495a39d216bb0f31f1f0370fe1b5d94
- SHA512
  
  4426e9d8f799cdd7b05fa7c40a4bb62d0b95e95a280d85dd7aaf808aabdd4752fd2621e6d073cd881c0176ef2b72a270a79d9a45f18da357d75c1e7dc084bc12
- SSDEEP
  
  49152:Qg2wVptJl9PSgu4zNdH4aZI1vq/j0gBVI2azDaKIk5sJd8FB7TVysFP:NXd9P+4ZdHjIS0gBSDXInr8L7xFP
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4