Extracted

• • Target

    ca736e745f46577c9495824f9941a56b6dcf52c7ec0459221eb2ff16983c4e89.exe

  • Size

    2.3MB

  • MD5

    c3b15700e16bcf701110ba5885548473

  • SHA1

    e275cb2e58686e1410959f2d1a7ab0f5ee5072c5

  • SHA256

    ca736e745f46577c9495824f9941a56b6dcf52c7ec0459221eb2ff16983c4e89

  • SHA512

    c61ea455b3d6b9c872841e7b5c8171dd90b89a4f4aa7dc197700a6367fd1a20ebf4db3be820de3595c0b54b851e082a9b5d27b7cdd172e64921d5dc6b145c6e1

  • SSDEEP

    49152:1tNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:kCTy48CU+1VIJ0XO8uVm5/uGiH

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2