Extracted

• • Target

    34f3b79dd4f0e43728e705294959e8bfc50cc4ac6436d61034cd0f7c1d56cd9b

  • Size

    2.2MB

  • MD5

    58e0bd2d7b286dfc7a1442d1316f642a

  • SHA1

    976b4e4278acd5e0c92a302a1ea7d3b00faedc2e

  • SHA256

    34f3b79dd4f0e43728e705294959e8bfc50cc4ac6436d61034cd0f7c1d56cd9b

  • SHA512

    46e5bbbd259c09b90482f2685686b8958bab85153e9ad59687da39fae796aaa5788189bdfe28371a1315240abe6013ea613392b2ba403b300ee1ad4225703b20

  • SSDEEP

    49152:mXab3iQl9yTxQP9qloa/TpK3Do3LZ5lZ2q5355z8gH/wKX:gariRQlqlo46o3tZ2GLzj/5

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2