Extracted

• • Target

    3d87c4de561da20b907801c5c61e24f3f6177b51bb8021065a2f50e93b0dd5ba.exe

  • Size

    17.4MB

  • MD5

    15a01b2771ec303681acbb3becc1e19e

  • SHA1

    971b84f12db0384c32831e0cf62302aba24d815a

  • SHA256

    3d87c4de561da20b907801c5c61e24f3f6177b51bb8021065a2f50e93b0dd5ba

  • SHA512

    abf63f21261307f9f053abaabf05a26ca9ba342cd2e84ba01c787f50e42e4a0dddb4abc6c4d747ea694fda4bca7ad02ed3880e77b4d255b875580abb185134e3

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

  Score

  10^/10

  riseprodiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2