RisePro:
Curated IOCs

RisePro's Key IOCs & Sandbox Analysis

Sample Hash | STIX JSON IOC Download | IOCs

Related Research from VMRay Labs

VMRay Detection Highlights – April 2024

RisePro stealer malware is evolving rapidly, adopting new techniques to evade detection and even mimicking Amadey samples. We've updated our YARA rule to stay ahead of these changes, ensuring accurate detection of the latest RisePro variants within the VMRay Platform.
