privateloader | b91c8a5f082638d3973c6cbc1f76a71fb2f83c00bb6613978afe544e20500573 | Triage

Sharing

General

Target

2025-04-16_8d979dd94ee4d128254cd1d2cf8c4b0f_black-basta_elex_luca-stealer
Size

1.8MB
Sample

250416-tbhgtsxkv8
MD5

8d979dd94ee4d128254cd1d2cf8c4b0f
SHA1

1671d3153b87ec4fee87f146bcf0664356f03b8e
SHA256

b91c8a5f082638d3973c6cbc1f76a71fb2f83c00bb6613978afe544e20500573
SHA512

38cf4e2fd8880755d8ca2218ffc03aff5a879d1757cd8518fb5ee621445ec5baa03d8f74e4e90da7f4720bc523ff2f808fc94bf3082b8d5bdf98d3be08f5b092
SSDEEP

24576:SJ+2tBSKRBLh2o94YtmdJEBPCZ9imjm0hhQYPUJIJvewcpKBnuE9SH:w+2eKRBLx94U2JoPCs0hhQcmvQnRSH

Score

10^/10

privateloader risepro discovery loader persistence stealer

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Targets

- Target
  
  2025-04-16_8d979dd94ee4d128254cd1d2cf8c4b0f_black-basta_elex_luca-stealer
- Size
  
  1.8MB
- MD5
  
  8d979dd94ee4d128254cd1d2cf8c4b0f
- SHA1
  
  1671d3153b87ec4fee87f146bcf0664356f03b8e
- SHA256
  
  b91c8a5f082638d3973c6cbc1f76a71fb2f83c00bb6613978afe544e20500573
- SHA512
  
  38cf4e2fd8880755d8ca2218ffc03aff5a879d1757cd8518fb5ee621445ec5baa03d8f74e4e90da7f4720bc523ff2f808fc94bf3082b8d5bdf98d3be08f5b092
- SSDEEP
  
  24576:SJ+2tBSKRBLh2o94YtmdJEBPCZ9imjm0hhQYPUJIJvewcpKBnuE9SH:w+2eKRBLx94U2JoPCs0hhQcmvQnRSH
Score

10^/10

privateloader risepro discovery loader persistence stealer
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- Privateloader family
  privateloader
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Risepro family
  risepro
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

privateloaderriseprodiscoveryloaderpersistencestealer

behavioral2

privateloaderriseprodiscoveryloaderpersistencestealer