General
Target: RisePro_Server.exe
Size: 57.5MB
Sample: 241004-y3pgnsyfka
MD5: 1e09287be79ea9e8970b009c60ec71e4
SHA1: fa44121e58fd7115842269053c0434d90a0dda2d
SHA256: 3f1065fe34fb5335fcf26d96565d669af0eb18a8ff0b1dc5ab2f4cd172e27272
SHA512: 902f0ba30ff8a3c72b32c8693c56dfa0aaa9955b42f65a1181873c710383fd76ca922752ffbcb81be4eebf6926f80f0a8f8dfdb467e77fbe935843f009f00174
SSDEEP: 1572864:LcMpLABVCAtQbu4P5im/GpXyNqDK2vERS:LrpLaVFtQS4P6pZa
Static task: static1
Behavioral task: behavioral1 (sample RisePro_Server.exe, resource win7-20240903-en)
Behavioral task: behavioral2 (sample RisePro_Server.exe, resource win10v2004-20240802-en)
Malware Config
(no configuration was extracted from this sample)

Targets
Target: RisePro_Server.exe, 57.5MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Family: PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service. The file name points at RisePro, a stealer that has been reported as distributed through PrivateLoader and as sharing code with it, so a PrivateLoader match on a RisePro-named binary is expected rather than a misclassification.

Signatures
- Modifies Windows Firewall (typically done through netsh advfirewall, which is also the usual trigger for the Netsh Helper DLL mapping in the ATT&CK table)
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger class, 0x11: the thread stops delivering debug events to an attached debugger, a common anti-debugging check)
MITRE ATT&CK Enterprise v15
Persistence
  Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
  Event Triggered Execution (T1546): Netsh Helper DLL (T1546.007), 1 hit
Privilege Escalation
  Create or Modify System Process (T1543): Windows Service (T1543.003), 1 hit
  Event Triggered Execution (T1546): Netsh Helper DLL (T1546.007), 1 hit
Note: the Netsh Helper DLL mapping is commonly raised on any netsh.exe invocation, here the firewall modification, so confirm that a helper DLL was actually registered under HKLM\SOFTWARE\Microsoft\NetSh before counting it as persistence.
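The signatures and ATT&CK mapping above describe what the sandbox observed. The following PowerShell, added here as an editorial example and not part of the sandbox report or of the malware, checks a Windows host for the same three artifact classes: netsh helper DLL registrations that are not bare System32 DLL names, services whose binaries live outside Windows or Program Files, and enabled firewall allow rules for programs in user-writable locations. It assumes Windows 8 / Server 2012 or later for the NetSecurity cmdlets; the allow-listed directories and the helper name Test-SuspiciousPath are editorial choices, not anything defined by the report.

```powershell
# Added host-check example (editorial, not from the sandbox report).
# Assumes Windows 8 / Server 2012+ (NetSecurity module). Run in an elevated
# shell for complete service and firewall visibility.
$sys32 = Join-Path $env:SystemRoot 'System32'

function Test-SuspiciousPath {
    # Returns $true when a binary path (possibly quoted, with arguments, or
    # containing %VAR% placeholders) resolves outside the allow-listed roots.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    # Keep only the executable/DLL itself: drop surrounding quotes and trailing args
    $clean = ($expanded -replace '^"([^"]+)".*$', '$1') -replace '(?i)\.(exe|dll)\s.*$', '.$1'
    $allowed = @("$env:SystemRoot\*", "$env:ProgramFiles\*", "${env:ProgramFiles(x86)}\*")
    foreach ($root in $allowed) {
        if ($root -ne '\*' -and $clean -like $root) { return $false }
    }
    return $true
}

# 1. Netsh helper DLLs (T1546.007). Legitimate values are bare DLL names that
#    resolve from System32; anything with a path separator or a DLL that is not
#    present in System32 deserves a look.
$netsh = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\NetSh'
foreach ($p in $netsh.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }          # skip PSPath, PSParentPath, PSChildName, ...
    $dll = [string]$p.Value
    $suspicious = ($dll -match '[\\/]') -or -not (Test-Path (Join-Path $sys32 $dll))
    if ($suspicious) { "[netsh helper] $($p.Name) = $dll" }
}

# 2. Services whose binary is outside Windows / Program Files (T1543.003)
Get-CimInstance Win32_Service |
    Where-Object { Test-SuspiciousPath $_.PathName } |
    ForEach-Object { "[service] $($_.Name): $($_.PathName) (start=$($_.StartMode), state=$($_.State))" }

# 3. Enabled firewall allow rules scoped to a program in a user-writable path
#    (the behaviour behind the "Modifies Windows Firewall" signature)
Get-NetFirewallRule -Action Allow -Enabled True | ForEach-Object {
    $app = $_ | Get-NetFirewallApplicationFilter
    if ($app.Program -and $app.Program -ne 'Any' -and (Test-SuspiciousPath $app.Program)) {
        "[firewall] $($_.DisplayName): $($app.Program) ($($_.Direction))"
    }
}
```

Each hit is printed as a single prefixed line so the output can be piped into a ticket or a SIEM forwarder; an empty result for section 1 is the normal state on a clean host, while sections 2 and 3 will legitimately list third-party software installed outside Program Files and need a baseline before they are used for alerting.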