Extracted

• • Target

    308946583c95f297b0f7dfce09f44b40N.exe

  • Size

    4.8MB

  • MD5

    308946583c95f297b0f7dfce09f44b40

  • SHA1

    0a6256bc4da3494659356768787238f5dc26fc5e

  • SHA256

    d63c6526ccf4bee6d7b0ea1392c3c7bae58f238330afad83e1185ea7b54e7593

  • SHA512

    97d3e4e650f107d8df36b20a7d4be18d157658d08cd7dfe453ee2c30544c981b4ecdaa914c6f9adb7dbd8c3f4f3424cb9cc30a060c222f2181852c52c5f37976

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

  Score

  10^/10

  riseprodiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2