risepro | 952e8649fe47039f20f778310b0591ee83efa659c8bf19c24587e37fe4b14606 | Triage

Resubmissions

24/03/2025, 14:25

250324-rrkk1s1wb1 10

01/08/2024, 19:36

240801-ybf18avfrq 10

Sharing

General

Target

1722448950.190938_setup.exe
Size

2.2MB
Sample

250324-rrkk1s1wb1
MD5

636b4c3770045d8e53c1485ea19f326b
SHA1

dbadc786af04a76114f9f1facb3c007e7b3e2c01
SHA256

952e8649fe47039f20f778310b0591ee83efa659c8bf19c24587e37fe4b14606
SHA512

b498a7b743a3f863998771851ada48e3533598bf156da3c1b9abf430500c4f2a2ede545f25330305c5571235929825edefeddd835f590318e152690b4f5e94a9
SSDEEP

49152:N23muAhf1prFS4Aiy3//QkyM3Pq6ZIiaJKu1AajJQe89:N23muAXs4AKnOCHiYAUQX9

Score

10^/10

risepro defense_evasion discovery stealer

Malware Config

Extracted

Family

risepro

C2

109.120.176.203

Targets

- Target
  
  1722448950.190938_setup.exe
- Size
  
  2.2MB
- MD5
  
  636b4c3770045d8e53c1485ea19f326b
- SHA1
  
  dbadc786af04a76114f9f1facb3c007e7b3e2c01
- SHA256
  
  952e8649fe47039f20f778310b0591ee83efa659c8bf19c24587e37fe4b14606
- SHA512
  
  b498a7b743a3f863998771851ada48e3533598bf156da3c1b9abf430500c4f2a2ede545f25330305c5571235929825edefeddd835f590318e152690b4f5e94a9
- SSDEEP
  
  49152:N23muAhf1prFS4Aiy3//QkyM3Pq6ZIiaJKu1AajJQe89:N23muAXs4AKnOCHiYAUQX9
Score

10^/10

risepro defense_evasion discovery stealer
- Modifies firewall policy service
  defense_evasion
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodefense_evasiondiscoverystealer

behavioral2

riseprodefense_evasiondiscoverystealer

behavioral3

riseprodefense_evasiondiscoverystealer