MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RiseProStealer


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
SHA3-384 hash: 667b58c9556e4bfe925aacfe4f93f293c1c60f3aca32465385dbd3b2aabf950e8f68b8ca6fec78c1e57afc628e84b95c
SHA1 hash: 318d7bde843e42439d82bed073b32cd46b5b397d
MD5 hash: 673c75af1fb2fc63349240f68e1b284f
humanhash: quebec-pizza-four-mirror
File name:673c75af1fb2fc63349240f68e1b284f.exe
Download: download sample
Signature RiseProStealer
Create hunting rule
File size:1'657'344 bytes
First seen:2023-12-16 07:00:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 646167cce332c1c252cdcb1839e0cf48 (8'473 x RedLineStealer, 4'851 x Amadey, 290 x Smoke Loader)
ssdeep 24576:SylprXbYF3V0L/iGqJ9ekv3xx5WpQPRj/hDgw5cJ+R2POMUr5nG0mkBVlNu2OsXM:5lprkF34qJrpnFkQ0qlGQjpuC
Threatray 582 similar samples on MalwareBazaar
TLSH T143752313AAE50873D8F16B7429FA01C31736BC510EA097B7674A966AAC35BD0E43137F
TrID 41.1% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
22.2% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
11.8% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
7.5% (.EXE) Win64 Executable (generic) (10523/12/4)
4.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):PE icon
dhash icon f8f0f4c8c8c8d8f0 (8'803 x RedLineStealer, 5'078 x Amadey, 288 x Smoke Loader)
Reporter abuse_ch
Tags:exe RiseProStealer


Avatar
abuse_ch
RiseProStealer C2:
91.92.249.253:50500

Intelligence

File Origin
# of uploads :
1
# of downloads :
341
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/467938/
Detection(s):
Sanesecurity.Malware.28840.BadO.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Agent.EAOQ.26295.2066.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
Launching a process
Sending a custom TCP request
Behavior that indicates a threat
Searching for the browser window
DNS request
Сreating synchronization primitives
Creating a file
Running batch commands
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
advpack anti-vm CAB control explorer installer lolbin packed rundll32 setupapi sfx shell32
Link:
https://www.filescan.io/uploads/657d4b2f7d4bdb7f8bf5176b/reports/78326a4a-c195-4570-be06-3ddbddbdf1b9/overview
Verdict:
Malicious
Labled as:
Malware
Link:
https://www.hybrid-analysis.com/sample/b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Healer AVKiller
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/676663fe-6d0f-4631-8b59-c1ea897a13d4
Result
Threat name:
RisePro Stealer, SmokeLoader, Vidar
Create hunting rule
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1363282
Signature
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary is likely a compiled AutoIt script file
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Contains functionality to modify clipboard data
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Found API chain indicative of sandbox detection
Found malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies windows update settings
Multi AV Scanner detection for dropped file
PE file has a writeable .text section
PE file has nameless sections
Phishing site detected (based on logo match)
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected RisePro Stealer
Yara detected SmokeLoader
Yara detected Vidar stealer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1363282 Sample: gPKPlPjPJB.exe Startdate: 16/12/2023 Architecture: WINDOWS Score: 100 130 twimg.twitter.map.fastly.net 2->130 132 stun.l.google.com 2->132 134 abs.twimg.com 2->134 164 Snort IDS alert for network traffic 2->164 166 Found malware configuration 2->166 168 Antivirus detection for dropped file 2->168 170 13 other signatures 2->170 12 gPKPlPjPJB.exe 1 4 2->12         started        15 OfficeTrackerNMP131.exe 2->15         started        19 MaxLoonaFest131.exe 2->19         started        21 4 other processes 2->21 signatures3 process4 dnsIp5 112 C:\Users\user\AppData\Local\...\LO1Np78.exe, PE32 12->112 dropped 114 C:\Users\user\AppData\Local\...\5Xa0Fm9.exe, PE32 12->114 dropped 23 LO1Np78.exe 1 4 12->23         started        146 91.92.249.253 THEZONEBG Bulgaria 15->146 148 ipinfo.io 34.117.186.192 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 15->148 116 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 15->116 dropped 150 Multi AV Scanner detection for dropped file 15->150 152 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 15->152 154 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 15->154 156 Queries memory information (via WMI often done to detect virtual machines) 15->156 27 WerFault.exe 15->27         started        118 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 19->118 dropped 120 C:\...behaviorgraphE5mlmyVEsrsFEFHY1iXSUmqKfsVcj7l.zip, Zip 19->120 dropped 158 Tries to steal Mail credentials (via file / registry access) 19->158 160 Machine Learning detection for dropped file 19->160 162 Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes) 19->162 29 WerFault.exe 19->29         started        122 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 21->122 dropped 124 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 21->124 dropped 126 C:\...\qDcXk2t5m41k4RupDri8GtFDyBK3cKS9.zip, Zip 21->126 dropped 128 C:\...\Kmy0TLb8Psafc28V7rGczbesCoOaRKBK.zip, Zip 21->128 dropped 31 WerFault.exe 21->31         started        33 WerFault.exe 21->33         started        file6 signatures7 process8 file9 108 C:\Users\user\AppData\Local\...\jO1Jy07.exe, PE32 23->108 dropped 110 C:\Users\user\AppData\Local\...\3dZ84yO.exe, PE32 23->110 dropped 192 Multi AV Scanner detection for dropped file 23->192 194 Machine Learning detection for dropped file 23->194 35 jO1Jy07.exe 1 4 23->35         started        39 3dZ84yO.exe 15 39 23->39         started        signatures10 process11 file12 92 C:\Users\user\AppData\Local\...\2NI6142.exe, PE32 35->92 dropped 94 C:\Users\user\AppData\Local\...\1gw98mA2.exe, PE32 35->94 dropped 172 Binary is likely a compiled AutoIt script file 35->172 174 Machine Learning detection for dropped file 35->174 41 1gw98mA2.exe 12 35->41         started        44 2NI6142.exe 10 2 35->44         started        96 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 39->96 dropped 98 C:\Users\user\AppData\...\FANBooster131.exe, PE32 39->98 dropped 100 C:\Users\user\AppData\...\MaxLoonaFest131.exe, PE32 39->100 dropped 102 2 other malicious files 39->102 dropped 176 Multi AV Scanner detection for dropped file 39->176 178 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 39->178 180 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 39->180 182 3 other signatures 39->182 46 cmd.exe 39->46         started        48 cmd.exe 39->48         started        50 WerFault.exe 39->50         started        signatures13 process14 signatures15 196 Binary is likely a compiled AutoIt script file 41->196 198 Machine Learning detection for dropped file 41->198 200 Found API chain indicative of sandbox detection 41->200 202 Contains functionality to modify clipboard data 41->202 52 chrome.exe 41->52         started        54 chrome.exe 1 41->54         started        57 chrome.exe 41->57         started        67 6 other processes 41->67 204 Multi AV Scanner detection for dropped file 44->204 206 Detected unpacking (changes PE section rights) 44->206 208 Detected unpacking (overwrites its own PE header) 44->208 212 6 other signatures 44->212 210 Uses schtasks.exe or at.exe to add and modify task schedules 46->210 59 conhost.exe 46->59         started        61 schtasks.exe 46->61         started        63 conhost.exe 48->63         started        65 schtasks.exe 48->65         started        process16 dnsIp17 69 FANBooster131.exe 52->69         started        73 chrome.exe 52->73         started        136 192.168.2.4 unknown unknown 54->136 138 239.255.255.250 unknown Reserved 54->138 75 chrome.exe 54->75         started        86 2 other processes 54->86 78 chrome.exe 57->78         started        80 chrome.exe 67->80         started        82 chrome.exe 67->82         started        84 chrome.exe 67->84         started        88 3 other processes 67->88 process18 dnsIp19 104 C:\Users\user\AppData\Local\...\sqlite3.dll, PE32 69->104 dropped 106 C:\...\oKLFKUw5FP8NkRfQMS4fvLLzK6LE6hg8.zip, Zip 69->106 dropped 184 Multi AV Scanner detection for dropped file 69->184 186 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 69->186 188 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 69->188 190 5 other signatures 69->190 90 WerFault.exe 69->90         started        140 104.244.42.130 TWITTERUS United States 75->140 142 t.co 104.244.42.197 TWITTERUS United States 75->142 144 121 other IPs or domains 75->144 file20 signatures21 process22
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2/
Threat name:
Win32.Trojan.RiseProStealer
Create hunting rule
Status:
Malicious
First seen:
2023-12-16 07:01:06 UTC
File Type:
PE (Exe)
Extracted files:
139
AV detection:
16 of 23 (69.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wmmt7vvqnjvem3ahorlluaccag7ba3lbpkxhgsmmh5iywp37k7za._file
Verdict:
malicious
Similar samples:
1521933f23997a26e16971725acdeb119b82ab21f50283ee04aa7d73ce7484e5
RiseProStealer
70d432aaae6f900cb7d7e8cc0d4b78551d905d1ac9e208d4c73c4ead3b4f97a4
RiseProStealer
860a74f2c49fc7e3fc54b1d244a477a590a4410c583455eacd59772127842db4
RiseProStealer
aa6109131f311c7ec4cbd993ac6fb997dda5beefee5863895e36608288fcac8a
RiseProStealer
af1a26b503f91e02a849536f18cc7dc1557e6e370e91406bdc35026133747fa0
RiseProStealer
f127cc97b1804964609ab8d528fd50cb1f3310ec2e710eb55c443c8d53362d98
RiseProStealer
f977db2d43fc46345f2711d8f6ade913ad807ab9b1f0988e2fd01fc45406faa0
RiseProStealer
+ 572 additional samples on MalwareBazaar
Result
Malware family:
smokeloader
Create hunting rule
Score:
  10/10
Tags:
family:lumma family:redline family:smokeloader botnet:@oleh_ps backdoor brand:google collection discovery evasion infostealer persistence phishing spyware stealer trojan
Link:
https://tria.ge/reports/231216-hs7x9sccc3/
Behaviour
outlook_win_path
Checks SCSI registry key(s)
Creates scheduled task(s)
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
Enumerates physical storage devices
Program crash
AutoIT Executable
Suspicious use of NtSetInformationThreadHideFromDebugger
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
Looks up external IP address via web service
Drops startup file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Windows security modification
Detect Lumma Stealer payload V4
Detected google phishing page
Lumma Stealer
Modifies Windows Defender Real-time Protection settings
RedLine
RedLine payload
SmokeLoader
Malware Config
C2 Extraction:
http://185.215.113.68/fks/index.php
176.123.7.190:32927
http://soupinterestoe.fun/api
http://dayfarrichjwclik.fun/api
http://neighborhoodfeelsa.fun/api
Unpacked files
SH256 hash:
fb2ffd61b1600b318a5814d60601afd0d9b4602b6fb4bf8e13f21da7fff2cabd
MD5 hash:
51056dd7b1a40e49623a28e27ef8aa19
SHA1 hash:
4f603d1c71429f03a7762347845ba1d0f8c47b10
Detections:
AutoIT_Compiled
Create hunting rule
Link:
https://www.unpac.me/results/cd4e6ba1-ee22-411f-a8bc-3edad17a17c4/
Parent samples :
f127cc97b1804964609ab8d528fd50cb1f3310ec2e710eb55c443c8d53362d98
af1a26b503f91e02a849536f18cc7dc1557e6e370e91406bdc35026133747fa0
70d432aaae6f900cb7d7e8cc0d4b78551d905d1ac9e208d4c73c4ead3b4f97a4
860a74f2c49fc7e3fc54b1d244a477a590a4410c583455eacd59772127842db4
1521933f23997a26e16971725acdeb119b82ab21f50283ee04aa7d73ce7484e5
d6bf6348e3239e54a171e41be3c23d4a515a44c495075afa639a9d2946f4ce2a
dfac5e31b117e359591781d0e6614b49226d3ef3461f2d020133f5044be3befc
aa6109131f311c7ec4cbd993ac6fb997dda5beefee5863895e36608288fcac8a
b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
8c1bedb10049179dfe9df52eb7611d6e18ac8339b184f50a6bcbaf9a89854cf2
fec610ca26bf6c17e72f75f72a5ba1ccf4500fb3510420b29686e09338d14128
c1ffd458cc441fe5d967825862acbc540728517d0f8ec95621bd6edd1a724767
2a57a5e703adac0bd9c5a0b9a710dfe8700a1dfb21af471b9883e6d6b86c78cc
b90fc851dee3bbb480aac668be792e552bde6c4571ec9f1847da7da7f964a24f
0cd714e33c9ebb3b55d89c349099a96bf4540512eac2baee479503303116e3a8
58c5ece596efec8db43e1ab97c35ac8253b761d518a7a8ef5e311a8e274fd1a7
c085fb1e6d999dd96f4213e5f1d3d0ae061ddccc571d20eb86e645149d4fc494
953ed6e4cb1aa5d21a529c8de8c3f06176a623388810e9549f3bd91a8715c9b2
d9ad55fb79af764ef60e3508973f162266bc8a2db17155612c6b5b7155e12c1d
9f6a32eebd13b63b6f6c79c282d6059419db613fa8ac78015cc8f99bfff8a124
291c90471067e7f436eb304a29c3df2b25a0176b370453d41c218202abec8e08
82bf998ee07f0549a68b9904d760f7b0fd47ee68f08a59a26de171b6dc8ea3db
01497dea122f92d36b4e0ae4eade31511b2db302e6f7f87a695e817065834281
486271a3873f946e14f5662e2498d75c29323402c778bdf6ce0905b37619fc3a
fc1af115d47f4f6f00b3c2a06c64b4b580b76a16f8e1c122670ced300f4abf57
7d43625f6587b6539d7bc6037dcb8b0eb317a035c5deb69f79e307afa4ac4d45
949edc5ede31cf9316dedc155d8d4ca93f8da0464d2ef0d8bff52dfddcac8e41
f782933fb6a551cd97aabaf041ce9521694203199fe8a62efdfdd9dda00548e0
8957d43878c36ee0ae11246393c9c1ce600536ab817435417e50af86a3f1b055
e96789d697301017c3c5f2332f7f74fd5aabbee70373e2d7af8c7ebd24ab22e0
be71f36ddea88c4ba342394e20352d60fa7cd61cba70454eba270f9f4996b293
a58ffa444d6514a0b092f8fa84c0a15853f5141c86abcbcf0c5b4dcc312aaf3c
44365f98d16e475a1638df59aca02415388a327b2f3738acbea8dfddec202654
7cfa46dfb53c0efee3d57af2aa83f9513c27c91e569e952c22e4b022d16e6e27
433895b81e5ef461f97327e064b25cb40284a44049e6231c0c60e6f54517138a
ce55ffbc3e022895e8e50711a4daf9b3afa4b83f42c6f0c98e76a710ae03821d
689a8c848e6cf7d5ddbdceb90aa8513c1b83a9dbe72f57a70ab419264819d107
93bb322e419ca964ae2a6340febd60d216ce342706ca4efe9c6df1fec38d238e
550e893759da573a62c1c16144f5e8fa65e6df3eabd53c60648b9ac6748c1b8c
ed73c1f42bef4d474a0eb9d82ff1257f291b9b13b3dfa73d378afbe061766f5a
5fa66d59f80ba0bb65efc157dc43cc0eeab813bfe110ef92a3765edceba281cc
SH256 hash:
cab42111096719a64a56242a24ac39a8dca7a70a98699812ce33f6003fff697b
MD5 hash:
4e90719d81e5b3bbf72a5d306e69a226
SHA1 hash:
77249b54fe67f35e039bb7749074b90b98effca0
Detections:
INDICATOR_EXE_Packed_ConfuserEx
Create hunting rule
Link:
https://www.unpac.me/results/cd4e6ba1-ee22-411f-a8bc-3edad17a17c4/
Parent samples :
f127cc97b1804964609ab8d528fd50cb1f3310ec2e710eb55c443c8d53362d98
af1a26b503f91e02a849536f18cc7dc1557e6e370e91406bdc35026133747fa0
70d432aaae6f900cb7d7e8cc0d4b78551d905d1ac9e208d4c73c4ead3b4f97a4
860a74f2c49fc7e3fc54b1d244a477a590a4410c583455eacd59772127842db4
1521933f23997a26e16971725acdeb119b82ab21f50283ee04aa7d73ce7484e5
d6bf6348e3239e54a171e41be3c23d4a515a44c495075afa639a9d2946f4ce2a
dfac5e31b117e359591781d0e6614b49226d3ef3461f2d020133f5044be3befc
aa6109131f311c7ec4cbd993ac6fb997dda5beefee5863895e36608288fcac8a
b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
8c1bedb10049179dfe9df52eb7611d6e18ac8339b184f50a6bcbaf9a89854cf2
fec610ca26bf6c17e72f75f72a5ba1ccf4500fb3510420b29686e09338d14128
c1ffd458cc441fe5d967825862acbc540728517d0f8ec95621bd6edd1a724767
2a57a5e703adac0bd9c5a0b9a710dfe8700a1dfb21af471b9883e6d6b86c78cc
b90fc851dee3bbb480aac668be792e552bde6c4571ec9f1847da7da7f964a24f
0cd714e33c9ebb3b55d89c349099a96bf4540512eac2baee479503303116e3a8
58c5ece596efec8db43e1ab97c35ac8253b761d518a7a8ef5e311a8e274fd1a7
c085fb1e6d999dd96f4213e5f1d3d0ae061ddccc571d20eb86e645149d4fc494
953ed6e4cb1aa5d21a529c8de8c3f06176a623388810e9549f3bd91a8715c9b2
d9ad55fb79af764ef60e3508973f162266bc8a2db17155612c6b5b7155e12c1d
9f6a32eebd13b63b6f6c79c282d6059419db613fa8ac78015cc8f99bfff8a124
550e893759da573a62c1c16144f5e8fa65e6df3eabd53c60648b9ac6748c1b8c
SH256 hash:
f143396015db245f7229fff51e7c7e0b624e871ef31f3ab2092fef842dbe589f
MD5 hash:
a059a941503bc6c9c3db642777ee20ff
SHA1 hash:
2d1e6372abfe27e6d5ca0f56390969751f5d5130
Detections:
win_smokeloader_a2
Create hunting rule
Link:
https://www.unpac.me/results/cd4e6ba1-ee22-411f-a8bc-3edad17a17c4/
Parent samples :
af1a26b503f91e02a849536f18cc7dc1557e6e370e91406bdc35026133747fa0
70d432aaae6f900cb7d7e8cc0d4b78551d905d1ac9e208d4c73c4ead3b4f97a4
d6bf6348e3239e54a171e41be3c23d4a515a44c495075afa639a9d2946f4ce2a
f977db2d43fc46345f2711d8f6ade913ad807ab9b1f0988e2fd01fc45406faa0
dfac5e31b117e359591781d0e6614b49226d3ef3461f2d020133f5044be3befc
aa6109131f311c7ec4cbd993ac6fb997dda5beefee5863895e36608288fcac8a
b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
fec610ca26bf6c17e72f75f72a5ba1ccf4500fb3510420b29686e09338d14128
b90fc851dee3bbb480aac668be792e552bde6c4571ec9f1847da7da7f964a24f
0cd714e33c9ebb3b55d89c349099a96bf4540512eac2baee479503303116e3a8
c085fb1e6d999dd96f4213e5f1d3d0ae061ddccc571d20eb86e645149d4fc494
d9ad55fb79af764ef60e3508973f162266bc8a2db17155612c6b5b7155e12c1d
550e893759da573a62c1c16144f5e8fa65e6df3eabd53c60648b9ac6748c1b8c
SH256 hash:
b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2
MD5 hash:
673c75af1fb2fc63349240f68e1b284f
SHA1 hash:
318d7bde843e42439d82bed073b32cd46b5b397d
Detections:
win_redline_wextract_hunting_oct_2023
Create hunting rule
Link:
https://www.unpac.me/results/cd4e6ba1-ee22-411f-a8bc-3edad17a17c4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RiseProStealer

Executable exe b3193fd6b06a6a466c077456ba004201be106d617aae73498c3f518b3f7f57f2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2738241/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/467938/

Comments