Extracted

• • Target

    1e8307af76622c0e7c5ef8112478e030N.exe

  • Size

    4.8MB

  • MD5

    1e8307af76622c0e7c5ef8112478e030

  • SHA1

    2cfeaa4565ff2cc44e75c3f468352e1541cd801f

  • SHA256

    8347a42ad121241eeb1a86dce3bc89861cdb3e41ff5357088a41e355e1677959

  • SHA512

    ba7dd39f09efd410c0a30f5b0763227ea6edc82703497fa06449da7f1166fd7405c4de66f9158905ca581a255d6ee8b039e8a5d28e2e4bfe435f76a4ae57adc6

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

  Score

  10^/10

  riseprodiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2