Overview

overview

10

Static

static

3

ResIL.dll

windows7-x64

1

ResIL.dll

windows10-2004-x64

3

libGLESv2.dll

windows7-x64

3

libGLESv2.dll

windows10-2004-x64

3

res_mods/1...zA.exe

windows7-x64

1

res_mods/1...zA.exe

windows10-2004-x64

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...2).exe

windows7-x64

7

update/Uni...2).exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...5).exe

windows7-x64

7

update/Uni...5).exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...6).exe

windows7-x64

7

update/Uni...6).exe

windows10-2004-x64

7

update/Uni...я.exe

windows7-x64

7

update/Uni...я.exe

windows10-2004-x64

7

update/Uni...7).exe

windows7-x64

7

update/Uni...7).exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    archive.rar

  • Size

    17.7MB

  • Sample

    240702-wkqkxavaph

  • MD5

    9d10f6f08ae1cc016c10b09007063417

  • SHA1

    9b440d571937c06865d148d05eac86d7bbb1d3ea

  • SHA256

    ce4d3cfc167dc8234d14cf91e20131b2c2fc10793a5aab4a76d1cd6a793dcf88

  • SHA512

    7ff1e08754df7d59d8d891c2b3b5d9b813f4834f33033d0998efd241374a4c65718aa8c0439c4c4c8fa767663ea19c7f286f24793ff48e07003fb8748b86830d

  • SSDEEP

    393216:haC3cy3EcC7LniVNZGfmpuoMv6uT9UXzcb+m+wtEVPK:hJ9xC7jievv6uRUXgiXwT

Score
10/10
riseproevasionstealer

Malware Config

Targets

    • Target

      ResIL.dll

    • Size

      1.4MB

    • MD5

      ee360e256e2b836865cf02a6bdd9e5be

    • SHA1

      cd5118ed4363d7fc0027133622dddb37e1c6bbe6

    • SHA256

      f9be6aea3b674a79872683a6622c3ba77fe628f5a2e7f0a000d379e2a0318310

    • SHA512

      3fe6b9fbddcf402ebdebbd4bcfbb3a8d4632bb576dcb44246c1e248076c1f09e6926448217ca724d4febc8fc879838d0d378eb7cc9d1922381acf093ee2a680e

    • SSDEEP

      24576:NL18jX6HrufWRTVl5DzapRdSdRBgF6MP70D16OAGZvEjm5YgWj55Tr52AaUzhW:fr2eVD9dRBgOv+mYTF2AaUA

    Score
    3/10
    behavioral1behavioral2

    • Target

      libGLESv2.dll

    • Size

      4.4MB

    • MD5

      e307e977ebb1df8ba0957a412425ed23

    • SHA1

      e024a7a81e7f485058fec40fd0a745f0d7aecb1e

    • SHA256

      af4f66e79e0cc1e4254f023cfb7f0140561c7d4e38d9bcf6184e8e69b32540db

    • SHA512

      ab5f5beb80915385aea4b62337178c6dfa964edfb7e20c22d364c99cd323fa50df9e2c640d7850765e5a683a07034d6be8f61f47f06a8d1ee1f594da804e6def

    • SSDEEP

      49152:PnBb2OR3KPf/Et3msx8M+TsZ2idR/O0zql9Kgtg6QMsWFxtqhk/bivfhjgrQuIEt:h5qc/622iLAv1NQcoa/bY3g

    Score
    3/10
    behavioral3behavioral4

    • Target

      res_mods/1.23.0.0/scripts/client/gui/mods/7zA.exe

    • Size

      722KB

    • MD5

      43141e85e7c36e31b52b22ab94d5e574

    • SHA1

      cfd7079a9b268d84b856dc668edbb9ab9ef35312

    • SHA256

      ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

    • SHA512

      9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

    • SSDEEP

      12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq

    Score
    1/10
    behavioral5behavioral6

    • Target

      setup.exe

    • Size

      795.4MB

    • MD5

      91f540bb6689c4cd88d4336a0164d52c

    • SHA1

      95561e3dbc6e8334a7fb17057683811bdfb0812d

    • SHA256

      c1c100bfd2ccbe90489a0d6a961c928776e0b8ea6d4252f17d681183ae7bdd9f

    • SHA512

      15f5091fd03711f21ee15b8c2c23167c182927b73a61541358970d5634578c65c2561869d76c7606beff350133ddc573a9d2282c7befea7bf843ba5124cd76d8

    • SSDEEP

      98304:fq4qkxXgnZDkE3DsMCUrUSGgykKoDJkrht130JADnKf53eooUALG5:ygX0gYsMVVGHoDa713+InKkooUMO

    Score
    10/10
    riseproevasionstealer

    • Modifies firewall policy service

      evasion

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      update/Uninstall/unins000 — копия (10) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      update/Uninstall/unins000 — копия (11) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral11behavioral12

    • Target

      update/Uninstall/unins000 — копия (12) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral13behavioral14

    • Target

      update/Uninstall/unins000 — копия (13) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      update/Uninstall/unins000 — копия (2) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral17behavioral18

    • Target

      update/Uninstall/unins000 — копия (2).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral19behavioral20

    • Target

      update/Uninstall/unins000 — копия (3) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral21behavioral22

    • Target

      update/Uninstall/unins000 — копия (5).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      update/Uninstall/unins000 — копия (6) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral25behavioral26

    • Target

      update/Uninstall/unins000 — копия (6).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral27behavioral28

    • Target

      update/Uninstall/unins000 — копия (7) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral29behavioral30

    • Target

      update/Uninstall/unins000 — копия (7).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

2
T1112

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

riseproevasionstealer
Score
10/10

behavioral8

riseproevasionstealer
Score
10/10

behavioral9

Score
7/10

behavioral10

Score
7/10

behavioral11

Score
7/10

behavioral12

Score
7/10

behavioral13

Score
7/10

behavioral14

Score
7/10

behavioral15

Score
7/10

behavioral16

Score
7/10

behavioral17

Score
7/10

behavioral18

Score
7/10

behavioral19

Score
7/10

behavioral20

Score
7/10

behavioral21

Score
7/10

behavioral22

Score
7/10

behavioral23

Score
7/10

behavioral24

Score
7/10

behavioral25

Score
7/10

behavioral26

Score
7/10

behavioral27

Score
7/10

behavioral28

Score
7/10

behavioral29

Score
7/10

behavioral30

Score
7/10

behavioral31

Score
7/10

behavioral32

Score
7/10