Resubmissions

24/03/2025, 14:25

250324-rrkk1s1wb1 10

01/08/2024, 19:36

240801-ybf18avfrq 10

General

  • Target

    1722448950.190938_setup.exe

  • Size

    2.2MB

  • Sample

    250324-rrkk1s1wb1

  • MD5

    636b4c3770045d8e53c1485ea19f326b

  • SHA1

    dbadc786af04a76114f9f1facb3c007e7b3e2c01

  • SHA256

    952e8649fe47039f20f778310b0591ee83efa659c8bf19c24587e37fe4b14606

  • SHA512

    b498a7b743a3f863998771851ada48e3533598bf156da3c1b9abf430500c4f2a2ede545f25330305c5571235929825edefeddd835f590318e152690b4f5e94a9

  • SSDEEP

    49152:N23muAhf1prFS4Aiy3//QkyM3Pq6ZIiaJKu1AajJQe89:N23muAXs4AKnOCHiYAUQX9

Malware Config

Extracted

Family

risepro

C2

109.120.176.203

Targets

    • Modifies firewall policy service

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Risepro family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Drops file in System32 directory

    • Enumerates processes with tasklist

    • Suspicious use of SetThreadContext
