risepro | 0cdec19adb735aca908f217797e20640983530d126d56beb20fde22886234cf2 | Triage

Sharing

General

Target

path32466.rar
Size

8.2MB
Sample

250410-njeg9aztgs
MD5

95e77bdf04b7031650d6c6db30407cbd
SHA1

e35af824924047ada641cc7a2a99b189273291e3
SHA256

0cdec19adb735aca908f217797e20640983530d126d56beb20fde22886234cf2
SHA512

b57b74404b74742ecad0b4d56f2f0cd6adac88b440a8ee438b8d38985f484751c2d3d44bc5f33de00fc1df4681cf693468d08139b718cbbc26356a38e92fd743
SSDEEP

196608:B0r0FPd7F7LlvUb5Ljz7993RREblHkt3bd3bJyEBqsMsQ0l7yw0:B02lIvz7bBREblEv3lyEY2RV0

Score

10^/10

risepro discovery stealer

Malware Config

Extracted

Family

risepro

C2

193.233.232.86

Targets

- Target
  
  AppFile.exe
- Size
  
  704.0MB
- MD5
  
  4391bf1f2f9d1931e05d1c4bda867d2b
- SHA1
  
  0c693a3387a952eae443559468823a13443953da
- SHA256
  
  c18cfe3c266f22c3ffe14b3ef378086a6a43c75ed39311ce9df14800b077e422
- SHA512
  
  57e6901825a3fbff2eb9033668e7a21fb9fb58036b6d54cfb867d5791dc14a825aca07a0f94d8fb1778e9e2cc025b01a3601c61d800bafe30e6601719a1c7ca5
- SSDEEP
  
  196608:Z8VG/O42OzpufDGQVegTH0DdR4gTH0DdR4gTH0DdR4gTH0DdR4gTH0DdR4gTH0Ds:Z8EOVGpiFVgQQQQQQ
Score

10^/10

risepro discovery stealer
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  res/NvFBC.dll
- Size
  
  1.5MB
- MD5
  
  a92382996045119ffdb2dea19e1484c2
- SHA1
  
  ea84e48ec00cf431b7645ddd866f82fc6e3c78c4
- SHA256
  
  62d9de1c56e7f71fead4b520252ed656fd22b1640d218a85f91653e3eb3d48b0
- SHA512
  
  03d90830d0e1c887e02a2aa40f0e4edabb56e043cbd2a9f9c9c518a534d8b6baad2c8a2c286a9ebae9929356afeb10485c71101194adc4ec9bbf6de8356840b0
- SSDEEP
  
  24576:WGmJOaqO2cECUcgUiHuGqGzXzsdRCb1hFJb01FjzALI+/bPz8/UhKmLce:ZOn9GHsdRCb1hFJb07A0obKUhKmL1
Score

3^/10

discovery
behavioral2
- Target
  
  res/NvFBC64.dll
- Size
  
  2.1MB
- MD5
  
  d3c8b4321e0ff16607d3789a0056fb16
- SHA1
  
  25dcc3679e7490f41ce4f8128ece855616febadc
- SHA256
  
  13dad6eeb16f0ab99ff9d1933e5a09465115ce5a1816cb9a62f18d04b882ec0a
- SHA512
  
  d94e126c646935282fb148776d20655c867b7bf654382be158e137dd882dbcf68082261c2a84dfdd6d78ac0cdb488dc3ba626d4a19ee03c7145dc113c1638376
- SSDEEP
  
  24576:aoltqk+vMs9O6LMnfwi4Wa9GykX44hcQALXG18QilV3qPghOhvqDDXYW4BL:XM9hMnoija9GydpLXm8Qw5uxhZ3R
Score

1^/10
behavioral3
- Target
  
  res/nvopencl64.dll
- Size
  
  10.2MB
- MD5
  
  d42782c28535e4c714b2b5d412210b80
- SHA1
  
  db3412f5439ccf9b3653dbd74191f3fe94eb3fef
- SHA256
  
  cf10a54ba11815b597436f064619d034a8b498ba09c02ad0b55bf02037e7f424
- SHA512
  
  f9715e0a38dfd5f694b36fa291f56d5388cc43e9fe5762bd7e2c35b4cc3b6262a83d8455396a23faa5127d20369df20ae19564f539c623c5d644d04de9d17e16
- SSDEEP
  
  49152:lZHS5ID2wgCQ+i84uMwSWfgD3sVC/pppjXRYHYY/Vm27obXq4NkaRxZ8vjnOrV6v:Hgaa6Q27SdCkyTPvk2SFJ9SP
Score

1^/10
behavioral4

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

riseprodiscoverystealer

behavioral2

behavioral3

behavioral4