risepro | 00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46 | Triage

Submit
Reports

Overview

overview

Static

static

7

00881b102d...46.exe

windows7-x64

00881b102d...46.exe

windows10-2004-x64

Sharing

General

Target

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe
Size

2.3MB
Sample

250318-1djw1a1rx9
MD5

f2598274439c3db1ee095a82ee6f0971
SHA1

64f8ce6db7eba1378364a390be024a418b24e74f
SHA256

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46
SHA512

40f9419d63d4ec3264d1dcc3baea5f959b5d295633a9856c63912669e09e682d1c6fddc40c8bfb88762e57824c4f5c3783554bda234de89e43f40122830465f8
SSDEEP

49152:mGHMf+Ns38A7KxCB/l9Xv9obM27oZVehCpNtBWbYz5gVmdi:mRfhMAWcB/D9MML3ehCpnMEFgVui

Score

10^/10

risepro defense_evasion discovery stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe

Resource

win7-20241010-en

risepro defense_evasion discovery stealer themida trojan

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe

Resource

win10v2004-20250314-en

risepro defense_evasion discovery stealer themida trojan

windows10-2004-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

- Target
  
  00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46.exe
- Size
  
  2.3MB
- MD5
  
  f2598274439c3db1ee095a82ee6f0971
- SHA1
  
  64f8ce6db7eba1378364a390be024a418b24e74f
- SHA256
  
  00881b102df27366b1e6458095597cd420b7c1f3e18b473922af69528bd16c46
- SHA512
  
  40f9419d63d4ec3264d1dcc3baea5f959b5d295633a9856c63912669e09e682d1c6fddc40c8bfb88762e57824c4f5c3783554bda234de89e43f40122830465f8
- SSDEEP
  
  49152:mGHMf+Ns38A7KxCB/l9Xv9obM27oZVehCpNtBWbYz5gVmdi:mRfhMAWcB/D9MML3ehCpnMEFgVui
Score

10^/10

risepro defense_evasion discovery stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealerthemidatrojan

behavioral2

riseprodefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy