Overview

overview

10

Static

static

3

AppFile_patched.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AppFile_patched.exe

  • Size

    2.9MB

  • Sample

    250410-my6plsyyey

  • MD5

    dd0e42a9bdd560ef03db901a72d26450

  • SHA1

    0870d6a0bad3ece9c7419494d847e544370543bc

  • SHA256

    e711519f57201d4a464f9af8109131173dd9f1ba9cad7fe94a6a1711037ba23f

  • SHA512

    3d7ed844803b9c83b81dfcf8c5f95c20ec27328c65294911b15e9d26b3e45bb3d5a46ec6fd16a1da34f61a42baeae0a81e36c0550bb3c6526e7aed1ba6e13136

  • SSDEEP

    49152:J8WtM7xx9FDsami+LQd2wG6vuLLUdc2tyGRG1oI1h2gZxYdDnemk+7609HBwnQVZ:J8WqVt+L/wbv4U2eE1z4oOnfD77HBwna

Score
10/10
riseprodiscoverystealer

Malware Config

Extracted

Family

risepro

C2

193.233.232.86

Targets

    • Target

      AppFile_patched.exe

    • Size

      2.9MB

    • MD5

      dd0e42a9bdd560ef03db901a72d26450

    • SHA1

      0870d6a0bad3ece9c7419494d847e544370543bc

    • SHA256

      e711519f57201d4a464f9af8109131173dd9f1ba9cad7fe94a6a1711037ba23f

    • SHA512

      3d7ed844803b9c83b81dfcf8c5f95c20ec27328c65294911b15e9d26b3e45bb3d5a46ec6fd16a1da34f61a42baeae0a81e36c0550bb3c6526e7aed1ba6e13136

    • SSDEEP

      49152:J8WtM7xx9FDsami+LQd2wG6vuLLUdc2tyGRG1oI1h2gZxYdDnemk+7609HBwnQVZ:J8WqVt+L/wbv4U2eE1z4oOnfD77HBwna

    Score
    10/10
    riseprodiscoverystealer

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Risepro family

      risepro

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Network Share Discovery

      Attempt to gather information on host network.

      discovery

    • Enumerates processes with tasklist

      discovery

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v16

Tasks