risepro | hxxps://tirrex[.]cl/server/arch0408_0224[.]7z | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://tirrex.cl/se...

windows10-2004-x64

Sharing

General

Target

https://tirrex.cl/server/arch0408_0224.7z
Sample

250414-vseypsvnz5

Score

10^/10

risepro defense_evasion discovery stealer

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://tirrex.cl/server/arch0408_0224.7z

Resource

win10v2004-20250410-en

risepro defense_evasion discovery stealer

windows10-2004-x64

27 signatures

600 seconds

Malware Config

Extracted

Family

risepro

C2

185.225.200.214

Targets

- Target
  
  https://tirrex.cl/server/arch0408_0224.7z
Score

10^/10

risepro defense_evasion discovery stealer
- Modifies firewall policy service
  defense_evasion
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

riseprodefense_evasiondiscoverystealer

© 2018-2025

Terms | Privacy