Extracted

• • Target

    file

  • Size

    2.2MB

  • MD5

    f2984a4bafd3c7287195d5816eb83c11

  • SHA1

    b783d4f80848e1af7dbf0a50f77c466ce71e0bbe

  • SHA256

    c846901a49c2366de9e754a6ca741a8dcaf5ce6a927dc2b32fff40ae321b06ff

  • SHA512

    bf3eb01ea2cbc4a54886908d560672a3801b72033544bddbf0cae19f58731de97ddfec02b05e1676213e3bb1d24ea758744f8fb82234dc3e0039c54c20f12150

  • SSDEEP

    49152:Oey7717KQ3OBs/NXbQwFmCKGigCN9oDoEkAnkgk0xXK//KmjBkqGMGnFRhl0:OJ7lRIs/GwFmC/iLM03N0huSMyq1Gnt+

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2