Extracted

• • Target

    19116581fbdb4c2acad3b938824d25909b94b05ed65a11c8a1f90d766810742b.exe

  • Size

    2.2MB

  • MD5

    d44e193c467591433341367a22244d2e

  • SHA1

    4fd40e32a725662c4daf29187cfbf030b021dd21

  • SHA256

    19116581fbdb4c2acad3b938824d25909b94b05ed65a11c8a1f90d766810742b

  • SHA512

    77e2a21077b7bd964dda806cfe9052093cfe6bccc0793e1c89b24fdbd710046092a6ba4a86269ac8d5aec7bcb2f1a433a1142693cb9a76b19901d8c0a0e05d5b

  • SSDEEP

    49152:AEO7kNbOnDT3Rn71zg+OVUHUo8yrnhjJ7m1kN1RlOSMB:AE8kNCn/hnR8+OVvybJN3EB

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2