Extracted

• • Target

    81200273f9dd78935d8bc3b61ab7bd15c4e24be31c4a10fb55504595370e977b.exe

  • Size

    16.3MB

  • MD5

    63348a3de870f9d1a0e8dc66584529b7

  • SHA1

    1610b479e8415bec8a184cc00cecdef2865354f2

  • SHA256

    81200273f9dd78935d8bc3b61ab7bd15c4e24be31c4a10fb55504595370e977b

  • SHA512

    5d76304de2f6355afded183a4fd7a35ee0d18740023cfb0d0b4de7150ab2a034b55be8b6c610a613bdcf3eeb6f392a8f3ea46c18504688af270c078ea9f2875e

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

  Score

  10^/10

  riseprodiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2