RisePro Information Stealer

    Date: 07/04/2024

    Severity: Medium

    Summary

    RisePro Information Stealer is a type of malware designed to secretly steal sensitive data from infected computers. It operates covertly, collecting information such as passwords and financial data, and typically spreads through phishing emails or malicious downloads. Users can protect against it by using strong antivirus software and being cautious with email attachments and downloads from unknown sources.

    Indicators of Compromise (IOC) List


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address

    dstipaddress IN ("5.42.92.73") or ipaddress IN ("5.42.92.73") or publicipaddress IN ("5.42.92.73") or srcipaddress IN ("5.42.92.73")

    dstipaddress IN ("37.120.237.196") or ipaddress IN ("37.120.237.196") or publicipaddress IN ("37.120.237.196") or srcipaddress IN ("37.120.237.196")

    dstipaddress IN ("94.156.8.188") or ipaddress IN ("94.156.8.188") or publicipaddress IN ("94.156.8.188") or srcipaddress IN ("94.156.8.188")

    dstipaddress IN ("95.216.41.236") or ipaddress IN ("95.216.41.236") or publicipaddress IN ("95.216.41.236") or srcipaddress IN ("95.216.41.236")

    dstipaddress IN ("101.99.92.169") or ipaddress IN ("101.99.92.169") or publicipaddress IN ("101.99.92.169") or srcipaddress IN ("101.99.92.169")

    dstipaddress IN ("147.45.47.80") or ipaddress IN ("147.45.47.80") or publicipaddress IN ("147.45.47.80") or srcipaddress IN ("147.45.47.80")

    dstipaddress IN ("147.45.47.116") or ipaddress IN ("147.45.47.116") or publicipaddress IN ("147.45.47.116") or srcipaddress IN ("147.45.47.116")

    dstipaddress IN ("185.196.9.38") or ipaddress IN ("185.196.9.38") or publicipaddress IN ("185.196.9.38") or srcipaddress IN ("185.196.9.38")

    dstipaddress IN ("185.221.198.67") or ipaddress IN ("185.221.198.67") or publicipaddress IN ("185.221.198.67") or srcipaddress IN ("185.221.198.67")

    dstipaddress IN ("194.33.191.159") or ipaddress IN ("194.33.191.159") or publicipaddress IN ("194.33.191.159") or srcipaddress IN ("194.33.191.159")

    Hash

    sha256hash IN ("2229327fa653ffd07f11773ee22eb00e580b6824ce122a1e788f19859aa9dca2")

    sha256hash IN ("5e1a1b2e2c20bc50b54e02393fa6f26a2b8c2f4d87f2abdecaca73472b5c5dba")

    sha256hash IN ("a36d5e790ca17fb6f70884942d868d29c6854054f2db79ed8f4e2d0d16ef1647")

    sha256hash IN ("4f0e839393df72db99a05ade0848979ff375399b104e59a7cc3847d746c17e5c")

    sha256hash IN ("56108c707fcaf87b2220c081db115171ff35811946b3ad2d76105715e8530fbe")

    sha256hash IN ("b4ad80860c773c79c946c3a4df13e534153bd17ceebad6acedac3156dfe0144c")

    sha256hash IN ("77e97faca59d8de34ddc7272791efac41da9ff5b7b175a99e09a255e2701d725")

    sha256hash IN ("a78513831b47f4b35ee9063aa167bf5d05c61559b2ac7f8fb93fa966a36e34d2")

    sha256hash IN ("30baf54d50379893b23b24203611da331d436dfc35f2d0a805bac4da0d310489")

    sha256hash IN ("c48eb226b641b382fd4155f10c96aacc585c6e65814865cd762e88b8a5cffd14")

    sha256hash IN ("6b82e6f228cbb8143b68e1739f3d083cf6ab0ba9c202ce1ec769bb12c9030619")

    sha256hash IN ("5719a862d5a32ec56328f8e066a83b6b0577a6965074ca671d0cecce681d5f79")

    sha256hash IN ("9d540839e75daf4f31eb36271fef6eb16a913446384d07e4d8dbb2602f18bf0f")

    sha256hash IN ("15dfbd2df433c9725239d6602bdfc56d00db62f88a1769a534d98cad50536c27")

    sha256hash IN ("c7a40fb4aa017a0d17b535c1857d51f95b7ed8684a1ea860294bf5d897667839")

    sha256hash IN ("6113bc3f3f972393acff5022f5ba95fb96c3d9038386ada49ccf244fa5f885fa")

    sha256hash IN ("ce930238a02a55d7b6f13fdf9b3306de61c5c25513ed396c7e9a8dbd4c45dbd9")

    sha256hash IN ("19c98cba0d8037a36b00d2c11cc24d25e1f388ba5093a4b6e9017508371fb34b")

    sha256hash IN ("d2cbb7a5ef2ecdf7c6f8c965df5886a18ea0e630009cdedb3692ed1b8c77b487")

    sha256hash IN ("078b3f37483cfc697fbd67120311e6109843804f5cae9c46f04fa1b51ba7120a")

    sha256hash IN ("d435d7cf9077533a7c23129a8d7462e7596505e3990664dd5888fce40652bb14")

    sha256hash IN ("d7c3c01d62fb59e186b2256894fb089c01e1aeda5dbd86a3004f1857a13313ad")

    sha256hash IN ("0d5bb8b8da18abd1f3934103c501abf9b9cd3a6e1656853359a568dca3229765")

    sha256hash IN ("cb21be437c800875400a94b2442bbe02ccaf31ee49e1f440aac378fc2b0b756d")

    sha256hash IN ("F87dd2b6a63e850b6c2128ec139c6334b572b1c80698fcc30de6f39ffc788f4f")

    sha256hash IN ("4f97a7f893939680bf36ccc03af19cc2d9ae3e4c7696fefc79ff5750ace15bae")

    sha256hash IN ("ee7133b9044b292b9a84879a4c81856517c147d994e6565f7250c2981849f6fc")

    sha256hash IN ("aa5ddc6b84299545da8c1ff54902d2689815edaf3f59784499c21fff1acb64a2")

    sha256hash IN ("71962e346aff1abde8b22e80fc99df7d7704b03dc5cad2c9404ee8df80619b5b")
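    The queries above test each indicator against four IP fields and one hash field. The following is an added example, not Gurucul's code, that reproduces that matching logic over an in-memory event list so the semantics can be checked offline; the event dicts are constructed, the indicator subset is taken from this advisory, and hashes are compared case-insensitively because the list mixes cases (one entry starts with an uppercase "F").

```python
"""Added example (not from the advisory): replicate the TDIR IOC matching
logic over raw events.  IPs are checked against dstipaddress, ipaddress,
publicipaddress and srcipaddress; SHA-256 values against sha256hash."""

# Subset of the advisory's indicators (taken from the query list above).
IOC_IPS = {"5.42.92.73", "147.45.47.116", "194.33.191.159"}
IOC_SHA256 = {
    "2229327fa653ffd07f11773ee22eb00e580b6824ce122a1e788f19859aa9dca2",
    # Listed with an uppercase first character in the advisory.
    "F87dd2b6a63e850b6c2128ec139c6334b572b1c80698fcc30de6f39ffc788f4f",
}

# The four IP fields each TDIR query ORs together.
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")


def _norm_hash(value):
    """Normalise a hex digest so mixed-case IOC entries still match."""
    return value.strip().lower()


IOC_SHA256_NORM = {_norm_hash(h) for h in IOC_SHA256}


def match_event(event):
    """Return a list of (field, value) IOC hits for one event dict."""
    hits = []
    for field in IP_FIELDS:
        value = event.get(field)
        # Exact string match, mirroring the query's IN (...) comparison.
        if value and value.strip() in IOC_IPS:
            hits.append((field, value.strip()))
    digest = event.get("sha256hash")
    if digest and _norm_hash(digest) in IOC_SHA256_NORM:
        hits.append(("sha256hash", _norm_hash(digest)))
    return hits


def scan(events):
    """Return (index, hits) for every event with at least one IOC hit."""
    return [(i, match_event(e)) for i, e in enumerate(events) if match_event(e)]


# Constructed sample events (hypothetical; not real telemetry).
SAMPLE_EVENTS = [
    {"srcipaddress": "10.0.0.5", "dstipaddress": "5.42.92.73"},
    {"ipaddress": "192.168.1.20",
     "sha256hash": "f87dd2b6a63e850b6c2128ec139c6334b572b1c80698fcc30de6f39ffc788f4f"},
    {"publicipaddress": "203.0.113.9", "sha256hash": "0" * 64},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {hits}")
```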

    Reference:

    https://blogs.blackberry.com/en/2024/06/threat-analysis-insight-risepro-information-stealer

    https://xfe-integration.xforce.ibm.com/osint/guid:80f084bc538cf5a3229abf427c4e6b2f

    https://threatmon.io/risepro-stealer-malware-analysis-report/

    https://www.hyas.com/blog/risepro-malware-campaign-on-the-rise

    https://any.run/malware-trends/risepro
