Overview

overview

10

Static

static

3

archive/ResIL.dll

windows7-x64

1

archive/ResIL.dll

windows10-2004-x64

3

archive/libGLESv2.dll

windows7-x64

3

archive/libGLESv2.dll

windows10-2004-x64

3

archive/re...zA.exe

windows7-x64

1

archive/re...zA.exe

windows10-2004-x64

1

archive/setup.exe

windows7-x64

10

archive/setup.exe

windows10-2004-x64

10

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...5).exe

windows7-x64

1

archive/up...5).exe

windows10-2004-x64

1

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...6).exe

windows7-x64

7

archive/up...6).exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...7).exe

windows7-x64

7

archive/up...7).exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

archive/up...я.exe

windows7-x64

7

archive/up...я.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fadba2f2b3f8d1bc0bac5aec37ed9029.bin

  • Size

    22.2MB

  • Sample

    240705-ehjadavaqe

  • MD5

    a3e5bb785447b9fc0a3270f82e01bd62

  • SHA1

    640da92657b6438213f3033156cd7357796754d8

  • SHA256

    443058d8384fa38880357e1e204a7f7b156da016082ba2bc3be894f8d336bb0f

  • SHA512

    55f7826f55740ec9571b8717cb30e2db95770c21153805236bed013915d926cffd8f37021a162efc74ad2af9da26f755178b96859233ce65d73f2154127d960f

  • SSDEEP

    393216:JQiSGcObH7CBJVDG0ELBAcRGeV/Q9dYwbtns47ApLXh/F9GlMrnxUXWm0CXdAcYi:JQ03bb2W9LB3GoQXYMns47AnPBCwCXdN

Score
10/10
riseproevasionstealer

Malware Config

Targets

    • Target

      archive/ResIL.dll

    • Size

      1.4MB

    • MD5

      ee360e256e2b836865cf02a6bdd9e5be

    • SHA1

      cd5118ed4363d7fc0027133622dddb37e1c6bbe6

    • SHA256

      f9be6aea3b674a79872683a6622c3ba77fe628f5a2e7f0a000d379e2a0318310

    • SHA512

      3fe6b9fbddcf402ebdebbd4bcfbb3a8d4632bb576dcb44246c1e248076c1f09e6926448217ca724d4febc8fc879838d0d378eb7cc9d1922381acf093ee2a680e

    • SSDEEP

      24576:NL18jX6HrufWRTVl5DzapRdSdRBgF6MP70D16OAGZvEjm5YgWj55Tr52AaUzhW:fr2eVD9dRBgOv+mYTF2AaUA

    Score
    3/10
    behavioral1behavioral2

    • Target

      archive/libGLESv2.dll

    • Size

      4.4MB

    • MD5

      e307e977ebb1df8ba0957a412425ed23

    • SHA1

      e024a7a81e7f485058fec40fd0a745f0d7aecb1e

    • SHA256

      af4f66e79e0cc1e4254f023cfb7f0140561c7d4e38d9bcf6184e8e69b32540db

    • SHA512

      ab5f5beb80915385aea4b62337178c6dfa964edfb7e20c22d364c99cd323fa50df9e2c640d7850765e5a683a07034d6be8f61f47f06a8d1ee1f594da804e6def

    • SSDEEP

      49152:PnBb2OR3KPf/Et3msx8M+TsZ2idR/O0zql9Kgtg6QMsWFxtqhk/bivfhjgrQuIEt:h5qc/622iLAv1NQcoa/bY3g

    Score
    3/10
    behavioral3behavioral4

    • Target

      archive/res_mods/1.23.0.0/scripts/client/gui/mods/7zA.exe

    • Size

      722KB

    • MD5

      43141e85e7c36e31b52b22ab94d5e574

    • SHA1

      cfd7079a9b268d84b856dc668edbb9ab9ef35312

    • SHA256

      ea308c76a2f927b160a143d94072b0dce232e04b751f0c6432a94e05164e716d

    • SHA512

      9119ae7500aa5cccf26a0f18fd8454245347e3c01dabba56a93dbaaab86535e62b1357170758f3b3445b8359e7dd5d37737318a5d8a6047c499d32d5b64126fc

    • SSDEEP

      12288:AwAxBpwU5gU+2/9dB5XlH1YAEa5OLW0TjLWG3rn0Yf5ogmn9X9Rf6TIALr22DIVM:AhY2gUfVH5XlVYzagW4/3rn0Y5zmzRfq

    Score
    1/10
    behavioral5behavioral6

    • Target

      archive/setup.exe

    • Size

      794.4MB

    • MD5

      a2406b688dd360f97e71bcb9a1011452

    • SHA1

      e131b31f6e5e86ca701288f8268c9aa37fe84edc

    • SHA256

      9d8579e09983a53827a2ceeca9a4e3df33f478a8da5d4f1da7aa1f81851763d7

    • SHA512

      c3a2e56fc011f35f06ee005af3f5b5a808e712d9c92b672759f00984b8e79411c2d09bad11a0228cb6f7665cf7e70a5b1bee0ccfd0866b5fdcc08e395a5a7f8f

    • SSDEEP

      98304:RTp4drlAMTLgTg0thL+mGkXj3Bl7gg06tlIWkJF:RTidHTLgTBxNlgaIWQ

    Score
    10/10
    riseproevasionstealer

    • Modifies firewall policy service

      evasion

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

      stealerrisepro

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    behavioral7behavioral8

    • Target

      archive/update/Uninstall/unins000 — копия (10) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral10behavioral9

    • Target

      archive/update/Uninstall/unins000 — копия (11) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral11behavioral12

    • Target

      archive/update/Uninstall/unins000 — копия (12) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral13behavioral14

    • Target

      archive/update/Uninstall/unins000 — копия (13) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral15behavioral16

    • Target

      archive/update/Uninstall/unins000 — копия (2) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral17behavioral18

    • Target

      archive/update/Uninstall/unins000 — копия (5).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    1/10
    behavioral19behavioral20

    • Target

      archive/update/Uninstall/unins000 — копия (6) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral21behavioral22

    • Target

      archive/update/Uninstall/unins000 — копия (6).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral23behavioral24

    • Target

      archive/update/Uninstall/unins000 — копия (7) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral25behavioral26

    • Target

      archive/update/Uninstall/unins000 — копия (7).exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral27behavioral28

    • Target

      archive/update/Uninstall/unins000 — копия (8) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral29behavioral30

    • Target

      archive/update/Uninstall/unins000 — копия (9) — копия.exe

    • Size

      1.5MB

    • MD5

      3ab31d714c50ae078f9eaba7b2497191

    • SHA1

      45c5e807e459d95618c03a6ded9debe1d70013f3

    • SHA256

      4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb

    • SHA512

      f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae

    • SSDEEP

      24576:0H9/gqpQYze0XKvc4BYCsCS3D4kjiIUjyeyXEDq8UbVlc3GYgl4KvjKMrexLxB:cIEJxCWluyZ8UbMZz

    Score
    7/10

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

1
T1112

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

Score
3/10

behavioral1

Score
1/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

riseproevasionstealer
Score
10/10

behavioral8

riseproevasionstealer
Score
10/10

behavioral9

Score
7/10

behavioral10

Score
7/10

behavioral11

Score
7/10

behavioral12

Score
7/10

behavioral13

Score
7/10

behavioral14

Score
7/10

behavioral15

Score
7/10

behavioral16

Score
7/10

behavioral17

Score
7/10

behavioral18

Score
7/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
7/10

behavioral22

Score
7/10

behavioral23

Score
7/10

behavioral24

Score
7/10

behavioral25

Score
7/10

behavioral26

Score
7/10

behavioral27

Score
7/10

behavioral28

Score
7/10

behavioral29

Score
7/10

behavioral30

Score
7/10

behavioral31

Score
7/10

behavioral32

Score
7/10