MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RiseProStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64
SHA3-384 hash:	7cef9b3143615f79b57e90ee78114bac78ea6dd397d80e2364013f004b3f086be3fdabc4a926e08500f85883be37edeb
SHA1 hash:	8d24a71f816cedb7eef4877300033ff7a1dc3dd5
MD5 hash:	14fd2ec9da6c9975a2f146aa74f13616
humanhash:	seven-four-twenty-table
File name:	SecuriteInfo.com.Win32.TrojanX-gen.10393.17755
Download:	download sample
Signature	RiseProStealer Create hunting rule
File size:	1'875'968 bytes
First seen:	2024-01-17 04:18:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1e453fd81736fddb1b5f5ce807c79734 (70 x RiseProStealer)
ssdeep	49152:BY+LlPbcBVml+RMOqHsoIpbY1enAGaZvzdbd:LLlIk+CdsoIpbY1eANz
Threatray	401 similar samples on MalwareBazaar
TLSH	T1089523FA3BF8091DD8C067F55BB1E762A2E0ACC6CF549EC6D5A31882774B4C09E52163
TrID	32.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 28.9% (.EXE) Win32 Executable (generic) (4505/5/1) 13.0% (.EXE) OS/2 Executable (generic) (2029/13) 12.8% (.EXE) Generic Win/DOS Executable (2002/3) 12.8% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	b8666aaad6f878b4 (90 x RiseProStealer)
Reporter	SecuriteInfoCom
Tags:	exe RiseProStealer

Intelligence

File Origin

# of uploads :

# of downloads :

510

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/471247/

Detection(s):

SecuriteInfo.com.Win32.TrojanX-gen.10393.17755.UNOFFICIAL

PUA.Win.Packer.EnigmaProtector-9852682-0

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

crypto enigma lolbin obfuscated packed packed setupapi shell32

Link:

https://www.filescan.io/uploads/65a755380a1b1cfd84a41469/reports/654607e7-80d2-4857-ac37-698fb14a0a55/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Spark

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f30dd335-14f4-40f1-8803-095c1caa281b

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1375858

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

PE file has nameless sections

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64/

Threat name:

Win32.Trojan.RiseProStealer

Status:

Malicious

First seen:

2024-01-17 04:19:11 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 24 (79.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cn5bjpdnmxrosur3kxladtgux4fbfob54tdsa7kviypb7l7p5zsa._file

Verdict:

unknown

RiseProStealer

25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130

RiseProStealer

52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919

RiseProStealer

6a48ac5216483da8b1b797767ce570a17c366af1068cf40e0c91a4072690c7fb

RiseProStealer

75dfb399f9051496a46dcf0d73434a283751c11e31308965f8af800e94290579

RiseProStealer

e69443a557cf565a4fc7481158c76a057543a045f3ac40061d08f42583517df5

RiseProStealer

+ 391 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240117-exhmdshdc6/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64

MD5 hash:

14fd2ec9da6c9975a2f146aa74f13616

SHA1 hash:

8d24a71f816cedb7eef4877300033ff7a1dc3dd5

Detections:

SUSP_XORed_URL_In_EXE

Link:

https://www.unpac.me/results/3b1e3612-e0d4-49f4-9949-29d2ff8229f7/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/137a14bc6d65e2e9523b55d601ccd4bf0a12b83de4c7207d55461e1fafefee64

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	maldoc_getEIP_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	SUSP_XORed_URL_In_EXE Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	SUSP_XORed_URL_in_EXE_RID2E46 Create hunting rule
Author:	Florian Roth
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834