risepro

Sharing

Copy URL

Twitter E-mail

General

Target

archive.rar
Size

17.7MB
Sample

240702-wkqkxavaph
MD5

9d10f6f08ae1cc016c10b09007063417
SHA1

9b440d571937c06865d148d05eac86d7bbb1d3ea
SHA256

ce4d3cfc167dc8234d14cf91e20131b2c2fc10793a5aab4a76d1cd6a793dcf88
SHA512

7ff1e08754df7d59d8d891c2b3b5d9b813f4834f33033d0998efd241374a4c65718aa8c0439c4c4c8fa767663ea19c7f286f24793ff48e07003fb8748b86830d
SSDEEP

393216:haC3cy3EcC7LniVNZGfmpuoMv6uT9UXzcb+m+wtEVPK:hJ9xC7jievv6uRUXgiXwT

Score

10^/10

Malware Config

Targets

- Target
  
  ResIL.dll
- Size
  
  1.4MB
- MD5
  
  ee360e256e2b836865cf02a6bdd9e5be
- SHA1
  
  cd5118ed4363d7fc0027133622dddb37e1c6bbe6
- SHA256
  
  f9be6aea3b674a79872683a6622c3ba77fe628f5a2e7f0a000d379e2a0318310
- SHA512
  
  3fe6b9fbddcf402ebdebbd4bcfbb3a8d4632bb576dcb44246c1e248076c1f09e6926448217ca724d4febc8fc879838d0d378eb7cc9d1922381acf093ee2a680e
- SSDEEP
  
  24576:NL18jX6HrufWRTVl5DzapRdSdRBgF6MP70D16OAGZvEjm5YgWj55Tr52AaUzhW:fr2eVD9dRBgOv+mYTF2AaUA
Score

3^/10
behavioral1 behavioral2
- Target
  
  libGLESv2.dll
- Size
  
  4.4MB
- MD5
  
  e307e977ebb1df8ba0957a412425ed23
- SHA1
  
  e024a7a81e7f485058fec40fd0a745f0d7aecb1e
- SHA256
  
  af4f66e79e0cc1e4254f023cfb7f0140561c7d4e38d9bcf6184e8e69b32540db
- SHA512
  
  ab5f5beb80915385aea4b62337178c6dfa964edfb7e20c22d364c99cd323fa50df9e2c640d7850765e5a683a07034d6be8f61f47f06a8d1ee1f594da804e6def
- SSDEEP
  
  49152:PnBb2OR3KPf/Et3msx8M+TsZ2idR/O0zql9Kgtg6QMsWFxtqhk/bivfhjgrQuIEt:h5qc/622iLAv1NQcoa/bY3g
Score

3^/10
behavioral3 behavioral4
- Target
  
  res_mods/1.23.0.0/scripts/client/gui/mods/7zA.exe
- Size
  
  722KB
- MD5
  
  43141e85e7c36e31b52b22ab94d5e574
- SHA1
  
  cfd7079a9b268d84b856dc668edbb9ab9ef35312
- SHA256
  
  ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d
- SHA512
  
  9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc
- SSDEEP
  
  12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq
Score

1^/10
behavioral5 behavioral6
- Target
  
  setup.exe
- Size
  
  795.4MB
- MD5
  
  91f540bb6689c4cd88d4336a0164d52c
- SHA1
  
  95561e3dbc6e8334a7fb17057683811bdfb0812d
- SHA256
  
  c1c100bfd2ccbe90489a0d6a961c928776e0b8ea6d4252f17d681183ae7bdd9f
- SHA512
  
  15f5091fd03711f21ee15b8c2c23167c182927b73a61541358970d5634578c65c2561869d76c7606beff350133ddc573a9d2282c7befea7bf843ba5124cd76d8
- SSDEEP
  
  98304:fq4qkxXgnZDkE3DsMCUrUSGgykKoDJkrht130JADnKf53eooUALG5:ygX0gYsMVVGHoDa713+InKkooUMO
Score

10^/10

risepro evasion stealer
- Modifies firewall policy service
  evasion
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral7 behavioral8
- Target
  
  update/Uninstall/unins000 — копия (10) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral10 behavioral9
- Target
  
  update/Uninstall/unins000 — копия (11) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  update/Uninstall/unins000 — копия (12) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  update/Uninstall/unins000 — копия (13) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral15 behavioral16
- Target
  
  update/Uninstall/unins000 — копия (2) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  update/Uninstall/unins000 — копия (2).exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral19 behavioral20
- Target
  
  update/Uninstall/unins000 — копия (3) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  update/Uninstall/unins000 — копия (5).exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral23 behavioral24
- Target
  
  update/Uninstall/unins000 — копия (6) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  update/Uninstall/unins000 — копия (6).exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral27 behavioral28
- Target
  
  update/Uninstall/unins000 — копия (7) — копия.exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  update/Uninstall/unins000 — копия (7).exe
- Size
  
  1.5MB
- MD5
  
  3ab31d714c50ae078f9eaba7b2497191
- SHA1
  
  45c5e807e459d95618c03a6ded9debe1d70013f3
- SHA256
  
  4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb
- SHA512
  
  f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae
- SSDEEP
  
  24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies firewall policy service

Looks up external IP address via web service

Drops file in System32 directory

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32