MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RiseProStealer


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2
SHA3-384 hash: a7f522e088de6bc24e8e91c6a2ce458fbb9ecbd82d3f7570f055948e5dc38b66687e8fa8a34ff06832ea8bb7aa00cb7f
SHA1 hash: 90778ff67360547e1819de661e942e328a05c7a8
MD5 hash: 5c0bf8e4019d0a819937abb99acbfc11
humanhash: cold-don-pizza-fruit
File name:file
Download: download sample
Signature RiseProStealer
Create hunting rule
File size:1'686'769 bytes
First seen:2023-12-16 18:21:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a391c991ba6330d6ddb5beaa15ef064c (303 x RiseProStealer, 7 x RisePro)
ssdeep 49152:80ceOGgUYYEmluRKYoFh4kGWusbQnIyDi1E1uFnTKi/OjCCNG:1XOGgUYC4RKXFhrusbaDkE1u
Threatray 2'313 similar samples on MalwareBazaar
TLSH T16B756C31A741B462F86314B5725E57E611A235302B92C8D7F7C16FAEB2A2BD39334E13
TrID 68.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) Win32 Executable (generic) (4505/5/1)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter jstrosch
Tags:exe RiseProStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
284
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468084/
Detection(s):
Win.Malware.Midie-10016707-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control crypto fingerprint greyware lolbin overlay setupapi shell32
Link:
https://www.filescan.io/uploads/657deacca6bc59352f2a65ef/reports/229e03f5-eead-41cc-b21b-4d25317f5ae6/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
RisePro Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6b393219-0ae6-4d1a-bf89-a73f328c4b08
Result
Threat name:
PrivateLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1363472
Signature
Contains functionality to inject threads in other processes
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for submitted file
Yara detected PrivateLoader
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2/
Threat name:
Win32.Trojan.RisePro
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 18:22:07 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nnuxugwclm762z3exijtce37yojuccv54dvla3zmjpd7fwhfrsza._file
Verdict:
malicious
Similar samples:
21daabe792834107f52e59ac7b2a24cb070dde1dd9879e9cbf9f3e81f1e0fecd
RiseProStealer
67f6aa5c680b96907b75de39219afb903d747e4bb04ccb0667294f4f33722fc4
RiseProStealer
6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2
RiseProStealer
71229c5b2a45d6ba9b6b9f4c1f1a78e696aabd2965a173d066e982aa08304b8a
RiseProStealer
8750bdd67a1ecaa07e2431fc016af78133ccf06a33b1118af63bfdddc5ec5670
RiseProStealer
b835197ade6c2fcdc04135d0f87e4d501c518878379216f93c4e8a4866380dfd
RiseProStealer
f3d20110ebce5e630f9f601b808a0d978965faf1288f7821abe6593315ddff14
RiseProStealer
+ 2'303 additional samples on MalwareBazaar
Result
Malware family:
risepro
Create hunting rule
Score:
  10/10
Tags:
family:privateloader family:risepro
Link:
https://tria.ge/reports/231216-wzwepscecq/
Malware Config
C2 Extraction:
193.233.132.51
Unpacked files
SH256 hash:
6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2
MD5 hash:
5c0bf8e4019d0a819937abb99acbfc11
SHA1 hash:
90778ff67360547e1819de661e942e328a05c7a8
Link:
https://www.unpac.me/results/928784d8-6ac1-425a-bf61-7d392ba51ab2/
Malware family:
PrivateLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/6b697a1ac25b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RiseProStealer

Executable exe 6b697a1ac25b3fed6764ba1331137fc393410abde0eab06f2c4bc7f2d8e58cb2

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/468084/

Comments