risepro | e5cb4f3f8d41c28116b9ff3253ab5f6d6736e18da2d225cf15379954b2751643 | Triage

Submit
Reports

Overview

overview

Static

static

3

hunta[1].exe

windows7-x64

hunta[1].exe

windows10-2004-x64

Sharing

General

Target

hunta[1].exe
Size

2.3MB
Sample

240724-3lvpkstgjm
MD5

651de10cfaaa78be50eda9f3f0ce9ea7
SHA1

6b922567fc5880e38fc9a3eacc24f6bab3785731
SHA256

e5cb4f3f8d41c28116b9ff3253ab5f6d6736e18da2d225cf15379954b2751643
SHA512

b3d038963134f43113831d929787aac25e597e17e763c3955660e7d1ed63539c7a929a19a95ae306b390955ffcbad89eb3857402bde3159093ac43dfe9244446
SSDEEP

49152:QSPmGpG0CTiBOGt/tP0HtQ0dcMjXyMxB/x5UGn77l7G4bo8jqOs8DoV:bPmG8HTiVtWQXqiMxVQaRGy3qOs8U

Score

10^/10

risepro aspackv2 discovery evasion stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

hunta[1].exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

hunta[1].exe

Resource

win10v2004-20240709-en

risepro aspackv2 discovery evasion stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

- Target
  
  hunta[1].exe
- Size
  
  2.3MB
- MD5
  
  651de10cfaaa78be50eda9f3f0ce9ea7
- SHA1
  
  6b922567fc5880e38fc9a3eacc24f6bab3785731
- SHA256
  
  e5cb4f3f8d41c28116b9ff3253ab5f6d6736e18da2d225cf15379954b2751643
- SHA512
  
  b3d038963134f43113831d929787aac25e597e17e763c3955660e7d1ed63539c7a929a19a95ae306b390955ffcbad89eb3857402bde3159093ac43dfe9244446
- SSDEEP
  
  49152:QSPmGpG0CTiBOGt/tP0HtQ0dcMjXyMxB/x5UGn77l7G4bo8jqOs8DoV:bPmG8HTiVtWQXqiMxVQaRGy3qOs8U
Score

10^/10

risepro aspackv2 discovery evasion stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

riseproaspackv2discoveryevasionstealer

© 2018-2025

Terms | Privacy