risepro | 20b31b980496c36a533a278bddae033dba591f14d41d4633c7a915563d12b27c | Triage

Sharing

General

Target

archive.zip
Size

23.0MB
Sample

240703-ypz19avhkp
MD5

fadba2f2b3f8d1bc0bac5aec37ed9029
SHA1

1b6b9672719bbbb41421ff172809c4599ca1a900
SHA256

20b31b980496c36a533a278bddae033dba591f14d41d4633c7a915563d12b27c
SHA512

0fd8844c24bb1e92f24bc75210a72520eb232958d10f045b3939f05f1bf0006dfce820f2a053d85489e1b69a5e82dce1c4f207b3afcbbb6ce0f964c69415e71a
SSDEEP

393216:5L50Mn8dsUIDmQK4OKPtKiIK5LKaxKhHK2VKaiKdWKn9KIYKf66jCx6LOoWGJ:54ePmQK4OKPtKiIK5LKaxKhHK2VKaiKR

Score

10^/10

risepro evasion stealer

Malware Config

Targets

- Target
  
  archive/setup.exe
- Size
  
  794.4MB
- MD5
  
  a2406b688dd360f97e71bcb9a1011452
- SHA1
  
  e131b31f6e5e86ca701288f8268c9aa37fe84edc
- SHA256
  
  9d8579e09983a53827a2ceeca9a4e3df33f478a8da5d4f1da7aa1f81851763d7
- SHA512
  
  c3a2e56fc011f35f06ee005af3f5b5a808e712d9c92b672759f00984b8e79411c2d09bad11a0228cb6f7665cf7e70a5b1bee0ccfd0866b5fdcc08e395a5a7f8f
- SSDEEP
  
  98304:RTp4drlAMTLgTg0thL+mGkXj3Bl7gg06tlIWkJF:RTidHTLgTBxNlgaIWQ
Score

10^/10

risepro evasion stealer
- Modifies firewall policy service
  evasion
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseproevasionstealer

behavioral2

riseproevasionstealer

behavioral3

riseproevasionstealer