General

  • Target

    33ff8752083bf6b5105749bf5b772b4a.exe

  • Size

    18.3MB

  • Sample

    240926-l4fvpstgjh

  • MD5

    33ff8752083bf6b5105749bf5b772b4a

  • SHA1

    01f8869d2fcd4ff1184dfc956905e01eb15f0d92

  • SHA256

    ee6ee03724690a677d4bf2610ea86d94eaeb94068d627fe36ec2f0353cc1c9ba

  • SHA512

    26445b94571fb374b57bb0ee129a8e7fc624e7c3d315a6a6fc0f165f33fa593e90932ef4e5bb0faa7b91f9f1647fc62d1027e7bc58947da4ecdde11745104c7a

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

Malware Config

  • Extracted

  • Family

    risepro

  • C2

    3.36.173.8:50500

Targets

    • Target

      33ff8752083bf6b5105749bf5b772b4a.exe

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15