Extracted

• • Target

    c16a1b01ebf91ffb10225e2f8c0d0419b9d5a9aa082647cd636824f1cf2a43b0.exe

  • Size

    2.3MB

  • MD5

    e9c4971d0d0a973ae4da874ded42ee2d

  • SHA1

    3952f13153cda968d537bc2d7a94605b1637afdb

  • SHA256

    c16a1b01ebf91ffb10225e2f8c0d0419b9d5a9aa082647cd636824f1cf2a43b0

  • SHA512

    bf995ae1dbcc1e7d8c339c36595078c89649b52d61a2f3ea183d685c68b422e44f873f33d0a5821121a2c3043a7b716e19f3ae0a90487d8a44407a846f4ed910

  • SSDEEP

    49152:EtNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:LCTy48CU+1VIJ0XO8uVm5/uGiH

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2