Extracted

• • Target

    2b82a88465cd7f47c00ee34cced306bdd50c36a7e2314b758efbb3ef8ddb83dd

  • Size

    2.3MB

  • MD5

    5a4757070c91c41d402fe9eb9f5adf37

  • SHA1

    6cf2a22d66e508852d0b9e9a45e0cbdad791ded3

  • SHA256

    2b82a88465cd7f47c00ee34cced306bdd50c36a7e2314b758efbb3ef8ddb83dd

  • SHA512

    308de06592c0e18ab001bdc92f7d8e5620ded12ea42e7be39384c2049b8cdbaee310caa18c67b1243904c916c1c6496b30c7cd821bf02ae0ed308d7e56e02264

  • SSDEEP

    49152:6pVIQ8cFhNvt087ffdsXuRhXDLrf81znc5c+uwOwIQSuFoqJ7ugTfAAw:a8cFnAu78Rc5CeRJ7ugm

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2