General

  • Target

    tmp

  • Size

    3.0MB

  • Sample

    240313-tae1baah22

  • MD5

    2376b6fc75cbd03025bd14a1c5978625

  • SHA1

    5de178194a8cafba178cadbbbbe3473b30fc37c7

  • SHA256

    ee38273971571ae0dd635f1dd08d8f543ee068037ee269aa043b78dcadbf54dc

  • SHA512

    5fa48b726a3922461532ca7116d17db32607c354811f644174e6836a882ecad7adf331eea029e66d77697f06aff596d5d2eaf402768ba48ef676980f1b8acc5d

  • SSDEEP

    49152:Hq1Pt32XmaxCUdYOMVsENVi24ycXaMhXP0Gi7azY:Kh0pxCUdYOMVLVi24yMZcGxY

  • Score

    10/10

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

MITRE ATT&CK Enterprise v15

Tasks