Extracted

• • Target

    47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d.exe

  • Size

    2.2MB

  • MD5

    3462e5905a1627fb9203326d5b059337

  • SHA1

    736dffa4658440b9d2991628117b8534b1374b11

  • SHA256

    47506422497eefbc000cddf5adc8c24b03686e4c5791ee8241e4998caede618d

  • SHA512

    73320915b9a90814d9cbcbdbc6f6056f86478b4c5f83ddeb39db5b702bd66aae19103fc2bf767d2b47786471a858269ede2ce0377cd4a7a96f8602e802e9bf63

  • SSDEEP

    49152:WjYehOISUSrMl6ge5g+3CqVTegLFAmJNFEUnf9k17wUW:WUeJS0z+3C2eenJMUnf92wUW

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2