privateloader | 4740-0-0x0000000000400000-0x000000000053D000-memory[.]dmp | Triage

Sharing

General

Target

4740-0-0x0000000000400000-0x000000000053D000-memory.dmp
Size

1.2MB
MD5

e66962b6f0ae1bef0a4e1ee7b54149dc
SHA1

0b0a544a516c454d3360e2b0300e871f197cea5c
SHA256

9b0d7fd9a2d58fed8522140cc18deb656d884009f0515727cd50c09fbc10d475
SHA512

e44d8aa05e365d65454f03779f0c7564d9832ef8a8d7e279ca3d8329e74bdab674ee5832848f20ef5e54975c5ad5b354bdd3cadfc3e3bc61a239ecf9f28a340d
SSDEEP

24576:I1vuE03HfGvF4TLt7oj7v0zvr3974W1PbijMT6YFbs7pmqBTxVS1GFbwzFVc+:s6XfGvW17iWbijMeYFbs70qBTS1GFbwx

Score

10^/10

privateloader risepro

Malware Config

Extracted

Family

risepro

C2

194.169.175.128

Signatures

Privateloader family
privateloader
Risepro family
risepro

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4740-0-0x0000000000400000-0x000000000053D000-memory.dmp

Files

4740-0-0x0000000000400000-0x000000000053D000-memory.dmp
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1006KB - Virtual size: 1005KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ