Extracted

• • Target

    ede914d1d1c128dd80e5c4cd718df12f17b4d3e5fdc7ab060e36e310d66d061c.exe

  • Size

    2.3MB

  • MD5

    50c46c72091b7722fda46a51c0c632f5

  • SHA1

    9c9524702b7364218dfa650025ea56be5f219279

  • SHA256

    ede914d1d1c128dd80e5c4cd718df12f17b4d3e5fdc7ab060e36e310d66d061c

  • SHA512

    5aa1a1485f820d80e5f45f65e106c6811b8027ed290e32a56910c391247869c4827cbcda462502dddc34c4b987d3b9da605ef337b6930049d18e784437d68bbf

  • SSDEEP

    49152:ztNjudw+TeIsz5y48CU+1VvWlLt0YiO7N+9k/tm5lxMTGiR9X:2CTy48CU+1VIJ0XO8uVm5/uGiH

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2