risepro | fca76f40550256c7a1cdbb342fcd5e15b05a56ae214ea80cc2288f12e4257418 | Triage

Sharing

General

Target

OfferedBuilt.exe
Size

2.3MB
Sample

240625-p5rkda1cnh
MD5

00614852dbe5c98d84c4501702d04e93
SHA1

9d241403a7f438b9d14be0da70dc0089791f0971
SHA256

fca76f40550256c7a1cdbb342fcd5e15b05a56ae214ea80cc2288f12e4257418
SHA512

01403d2624044a646bbea613f93771aceb1b0466f13643b33ffc40c7d8add6744cb1401b26c921a3c0208050d6b3a6d57c22890472835a7a3875dae50c18b911
SSDEEP

49152:2gJmZT23J+d5Q2gri9yVZpRxmzaL10JTM3lc/ncyh11+Ja:nJmU+vZgrxBmzah0JEJM

Score

10^/10

risepro stealer

Malware Config

Targets

- Target
  
  OfferedBuilt.exe
- Size
  
  2.3MB
- MD5
  
  00614852dbe5c98d84c4501702d04e93
- SHA1
  
  9d241403a7f438b9d14be0da70dc0089791f0971
- SHA256
  
  fca76f40550256c7a1cdbb342fcd5e15b05a56ae214ea80cc2288f12e4257418
- SHA512
  
  01403d2624044a646bbea613f93771aceb1b0466f13643b33ffc40c7d8add6744cb1401b26c921a3c0208050d6b3a6d57c22890472835a7a3875dae50c18b911
- SSDEEP
  
  49152:2gJmZT23J+d5Q2gri9yVZpRxmzaL10JTM3lc/ncyh11+Ja:nJmU+vZgrxBmzah0JEJM
Score

10^/10

risepro stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4