risepro | ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f | Triage

Submit
Reports

Overview

overview

Static

static

7

ca9b2380df...8f.exe

windows7-x64

ca9b2380df...8f.exe

windows10-2004-x64

Sharing

General

Target

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
Size

2.4MB
Sample

250318-kffpcs1py3
MD5

4a36fa7c0ccbc6842c541a6439ab545a
SHA1

9257009dd59ac4db2518293bcd46be058d937284
SHA256

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
SHA512

13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
SSDEEP

49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW

Score

10^/10

risepro defense_evasion discovery stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe

Resource

win7-20240903-en

risepro defense_evasion discovery stealer themida trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe

Resource

win10v2004-20250314-en

risepro defense_evasion discovery stealer themida trojan

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

- Target
  
  ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
- Size
  
  2.4MB
- MD5
  
  4a36fa7c0ccbc6842c541a6439ab545a
- SHA1
  
  9257009dd59ac4db2518293bcd46be058d937284
- SHA256
  
  ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
- SHA512
  
  13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
- SSDEEP
  
  49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW
Score

10^/10

risepro defense_evasion discovery stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealerthemidatrojan

behavioral2

riseprodefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy