Intel Name: Technical Analysis of RiseLoader
Date of Scan: December 18, 2024
Impact: Medium
Summary: The “Technical Analysis of RiseLoader” report examines RiseLoader, a newly discovered malware family that uses a network communication protocol similar to that of RisePro. Unlike RisePro, which primarily focuses on information theft, RiseLoader specializes in downloading and executing second-stage payloads. The analysis highlights the similarities between the two malware families, particularly their use of a TCP-based binary protocol. Given the discontinuation of RisePro in June 2024 and its connection to PrivateLoader, ThreatLabz assesses with moderate confidence that the same threat actor is behind both RisePro and RiseLoader.