risepro | 3878a0e50206a6d660b7234483c9d79c8db99c23d2fc281f09435bee25edd577 | Triage

Sharing

General

Target

2024-07-03_bf07f7fb52f00bb1e5d170c5377fcbff_magniber
Size

10.0MB
Sample

240703-n3ktdasbng
MD5

bf07f7fb52f00bb1e5d170c5377fcbff
SHA1

29ce5e56c455c6d2e206660de97ee2929d3635e6
SHA256

3878a0e50206a6d660b7234483c9d79c8db99c23d2fc281f09435bee25edd577
SHA512

9127b7926014f0482dbdc70df5b58fb1106312a2b307de00f911a880d7fc6cdc5c18cb5ce45626c539bc92e5250325ea1017b3a913dd50e3eeffced1aba2c45e
SSDEEP

98304:lBbQ2H/oEMjghbO76uAqrngBNXsH7zMdDwPgQcM3qn8V/cwduNJKf+tLN9Lxy:PRf/JTNXsH7z0DwPgdvwduGf6HL

Score

10^/10

risepro persistence stealer

Malware Config

Targets

- Target
  
  2024-07-03_bf07f7fb52f00bb1e5d170c5377fcbff_magniber
- Size
  
  10.0MB
- MD5
  
  bf07f7fb52f00bb1e5d170c5377fcbff
- SHA1
  
  29ce5e56c455c6d2e206660de97ee2929d3635e6
- SHA256
  
  3878a0e50206a6d660b7234483c9d79c8db99c23d2fc281f09435bee25edd577
- SHA512
  
  9127b7926014f0482dbdc70df5b58fb1106312a2b307de00f911a880d7fc6cdc5c18cb5ce45626c539bc92e5250325ea1017b3a913dd50e3eeffced1aba2c45e
- SSDEEP
  
  98304:lBbQ2H/oEMjghbO76uAqrngBNXsH7zMdDwPgQcM3qn8V/cwduNJKf+tLN9Lxy:PRf/JTNXsH7z0DwPgdvwduGf6HL
Score

10^/10

risepro persistence stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Adds Run key to start application
  persistence
- Suspicious use of NtCreateThreadExHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

risepropersistencestealer

behavioral2

risepropersistencestealer