Extracted

• • Target

    70da6b29606b2fbf0e9bf1b2b7c275df98ad26b7d1e320e65543b210918b45db.exe

  • Size

    18.5MB

  • MD5

    a2f5e318bcddaec3c54872f56a7624f1

  • SHA1

    d31b1c4ac566c4e179608f7619f73c34cff3d686

  • SHA256

    70da6b29606b2fbf0e9bf1b2b7c275df98ad26b7d1e320e65543b210918b45db

  • SHA512

    8e34ff75184b48f013bf75f6507890090da6e9d4e894667b3d8a7aa08801172f6c8500d1ec7ab0ea1f2573c28c718e86b399bda297f3da1acbb825b532dd29a5

  • SSDEEP

    49152:Ix1BZ/3KMJESGkP9bKJPUyN1RL7HDUq1373ht:+bZ/6JSGkPRwPU2R3Q63h

  Score

  10^/10

  riseprodiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Enumerates processes with tasklist

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2