risepro | ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f | Triage

Submit
Reports

Overview

overview

Static

static

7

ca9b2380df...8f.exe

windows7-x64

ca9b2380df...8f.exe

windows10-2004-x64

Sharing

General

Target

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
Size

2.4MB
Sample

250318-kffpcs1py3
MD5

4a36fa7c0ccbc6842c541a6439ab545a
SHA1

9257009dd59ac4db2518293bcd46be058d937284
SHA256

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
SHA512

13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
SSDEEP

49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW

Score

10^/10

risepro defense_evasion discovery stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe

Resource

win7-20240903-en

risepro defense_evasion discovery stealer themida trojan

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe

Resource

win10v2004-20250314-en

risepro defense_evasion discovery stealer themida trojan

windows10-2004-x64

9 signatures

300 seconds

Malware Config

Extracted

Family

risepro

C2

193.233.132.253:50500

Targets

- Target
  
  ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f.exe
- Size
  
  2.4MB
- MD5
  
  4a36fa7c0ccbc6842c541a6439ab545a
- SHA1
  
  9257009dd59ac4db2518293bcd46be058d937284
- SHA256
  
  ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
- SHA512
  
  13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
- SSDEEP
  
  49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW
Score

10^/10

risepro defense_evasion discovery stealer themida trojan
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  defense_evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  defense_evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealerthemidatrojan

behavioral2

riseprodefense_evasiondiscoverystealerthemidatrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.