MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RiseProStealer

Vendor detections: 11

Intelligence 11 IOCs YARA 3 File information Comments

SHA256 hash:	25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130
SHA3-384 hash:	a320ae84df0ffd7c81d337bd89efcb1a21ea7d0dfd2208458dba3afdfaec568f246b450cd9ef5864adb3cdd93ad36dc9
SHA1 hash:	41145cb48cbad6e2760e9e1a4fb19fd4d6793691
MD5 hash:	5ccb399bbdddd3393cffc6581b345c68
humanhash:	item-winter-seven-september
File name:	SecuriteInfo.com.Win32.TrojanX-gen.11992.28884
Download:	download sample
Signature	RiseProStealer Create hunting rule
File size:	1'875'968 bytes
First seen:	2024-01-12 21:20:00 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1e453fd81736fddb1b5f5ce807c79734 (70 x RiseProStealer)
ssdeep	24576:udya+I6b+bYmUxRqDkNLv8UqSGACKqa2SqF93XuN0tM0tY1OQ8jo13S9+TMlUvdf:udR6ykakdSACTBSIG90tMOQH13SUolq
Threatray	294 similar samples on MalwareBazaar
TLSH	T1F89523F67AF6541CD8C15BF12772A23212E8ACD2CF604EDAC0DB5C617B978D22A5B503
TrID	32.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 28.9% (.EXE) Win32 Executable (generic) (4505/5/1) 13.0% (.EXE) OS/2 Executable (generic) (2029/13) 12.8% (.EXE) Generic Win/DOS Executable (2002/3) 12.8% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	b8666aaad6f878b4 (90 x RiseProStealer)
Reporter	SecuriteInfoCom
Tags:	exe RiseProStealer

Intelligence

File Origin

# of uploads :

# of downloads :

528

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/470598/

Detection(s):

SecuriteInfo.com.Win32.TrojanX-gen.11992.28884.UNOFFICIAL

PUA.Win.Packer.EnigmaProtector-9852682-0

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

crypto enigma lolbin obfuscated packed packed setupapi shell32

Link:

https://www.filescan.io/uploads/65a1ad0394d1aebfb29be75a/reports/e0d9a657-d2c9-462d-bd45-a8af2910312f/overview

Verdict:

Malicious

Labled as:

Malware

Link:

https://www.hybrid-analysis.com/sample/25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Spark

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/953cc06c-cdc2-402f-8ab9-66fc852bea26

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1374031

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

PE file has nameless sections

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2024-01-12 21:20:06 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 38 (36.84%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=evjg6qv63lrli6epwksupsukcadxb4wqx6hrhnedrgpk6uvzeeya._file

Verdict:

unknown

RiseProStealer

52dd30e29abf61d4e6ea0ca34e23649fe98c73d6529c5b5253825660f0d0f919

RiseProStealer

8f9c9b00fc65ab0f943bace26a7c2f921f5eebb04bcfa8fb33708c8fc7358be5

RiseProStealer

ca040efdfa64cf6f1ed4a608427cb7ec730bd521dd54d02847cd45353f7b96ce

RiseProStealer

d7b86eb0a40bd710bf24b8e66b36d8d65f50eee6a32e4818b5d52d1de13754ea

RiseProStealer

da82319d644e8316e8271b697d5c5df9e20d7edba7f61aafca3c0e2b94440899

RiseProStealer

+ 284 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240112-z6q1caffe3/

Behaviour

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130

MD5 hash:

5ccb399bbdddd3393cffc6581b345c68

SHA1 hash:

41145cb48cbad6e2760e9e1a4fb19fd4d6793691

Detections:

SUSP_XORed_URL_In_EXE

Link:

https://www.unpac.me/results/cae84d92-1c11-4151-b1bd-16a1b3795587/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/25526f42bedae2b4788fb2a547ca8a100770f2d0bf8f13b483899eaf52b92130

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	maldoc_getEIP_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	SUSP_XORed_URL_In_EXE Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

Rule name:	SUSP_XORed_URL_in_EXE_RID2E46 Create hunting rule
Author:	Florian Roth
Description:	Detects an XORed URL in an executable
Reference:	https://twitter.com/stvemillertime/status/1237035794973560834

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/470598/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample