risepro | 60285015f8b5e32f20411d30b7c64d8748827409275f5a42053b307bc2ff17de | Triage

Submit
Reports

Overview

overview

Static

static

3

Lisect_AVT...89.exe

windows7-x64

Lisect_AVT...89.exe

windows10-2004-x64

Sharing

General

Target

Lisect_AVT_24003_G1A_89.exe
Size

3.0MB
Sample

240725-cp5e3ssdrq
MD5

ee50f2db274c7abdbae3713a14020c24
SHA1

312af659d98d04b23c6ab5f5324604fd04a96777
SHA256

60285015f8b5e32f20411d30b7c64d8748827409275f5a42053b307bc2ff17de
SHA512

bbacd094942f9493d58367d19bf5573331d40c7cd96a2b0d4a787de215e9c3c509c1f2f168b2e632c55686b41ae72713abbe9214c04c889f8d3f18ecda9b6b11
SSDEEP

49152:27lf5RZ4Q9FDCjZtjBJBMndpCqYiCZG5uvmmAwYU9fF4nbGs/cSqyVU5jX:27lf5RWxfaHCqhCZ3dAwY+fFGqnX

Score

10^/10

risepro aspackv2 discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Lisect_AVT_24003_G1A_89.exe

Resource

win7-20240705-en

risepro aspackv2 discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Lisect_AVT_24003_G1A_89.exe

Resource

win10v2004-20240709-en

risepro aspackv2 discovery stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

- Target
  
  Lisect_AVT_24003_G1A_89.exe
- Size
  
  3.0MB
- MD5
  
  ee50f2db274c7abdbae3713a14020c24
- SHA1
  
  312af659d98d04b23c6ab5f5324604fd04a96777
- SHA256
  
  60285015f8b5e32f20411d30b7c64d8748827409275f5a42053b307bc2ff17de
- SHA512
  
  bbacd094942f9493d58367d19bf5573331d40c7cd96a2b0d4a787de215e9c3c509c1f2f168b2e632c55686b41ae72713abbe9214c04c889f8d3f18ecda9b6b11
- SSDEEP
  
  49152:27lf5RZ4Q9FDCjZtjBJBMndpCqYiCZG5uvmmAwYU9fF4nbGs/cSqyVU5jX:27lf5RWxfaHCqhCZ3dAwY+fFGqnX
Score

10^/10

risepro aspackv2 discovery stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

riseproaspackv2discoverystealer

behavioral2

riseproaspackv2discoverystealer

© 2018-2024

Terms | Privacy