risepro | 00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46 | Triage

Submit
Reports

Overview

overview

Static

static

7

00881b102d...46.exe

windows7-x64

00881b102d...46.exe

windows10-2004-x64

Sharing

General

Target

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe
Size

2.3MB
Sample

250318-1djw1a1rx9
MD5

f2598274439c3db1ee095a82ee6f0971
SHA1

64f8ce6db7eba1378364a390be024a418b24e74f
SHA256

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46
SHA512

40f9419d63d4ec3264d1dcc3baea5f959b5d295633a9856c63912669e09e682d1c6fddc40c8bfb88762e57824c4f5c3783554bda234de89e43f40122830465f8
SSDEEP

49152:mGHMf+Ns38A7KxCB/l9Xv9obM27oZVehCpNtBWbYz5gVmdi:mRfhMAWcB/D9MML3ehCpnMEFgVui

Score

10^/10

risepro defense_evasion discovery stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe

Resource

win7-20241010-en

risepro defense_evasion discovery stealer themida trojan

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe

Resource

win10v2004-20250314-en

risepro defense_evasion discovery stealer themida trojan

windows10-2004-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe
- Size
  
  2.3MB
- MD5
  
  f2598274439c3db1ee095a82ee6f0971
- SHA1
  
  64f8ce6db7eba1378364a390be024a418b24e74f
- SHA256
  
  00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46
- SHA512
  
  40f9419d63d4ec3264d1dcc3baea5f959b5d295633a9856c63912669e09e682d1c6fddc40c8bfb88762e57824c4f5c3783554bda234de89e43f40122830465f8
- SSDEEP
  
  49152:mGHMf+Ns38A7KxCB/l9Xv9obM27oZVehCpNtBWbYz5gVmdi:mRfhMAWcB/D9MML3ehCpnMEFgVui
Score

10^/10

risepro defense_evasion discovery stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealerthemidatrojan

behavioral2

riseprodefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.