Extracted

• • Target

    3465b8401f4a4fdf430a1d9b290fdc5eb0b14c65e59f1a8d22d2326e6b8901cc

  • Size

    2.0MB

  • MD5

    288efaa07033b852144f21b84879e7ee

  • SHA1

    b73ec50804af41d300151b01ff2b045e21151047

  • SHA256

    3465b8401f4a4fdf430a1d9b290fdc5eb0b14c65e59f1a8d22d2326e6b8901cc

  • SHA512

    51c7e2dd02418d7324670bc0a9698e801ee910397d8c7f285c38daed2df74534c978ae6fec8ae095473cf4916eccc3715c788c45d4a4216ce2c76d7ea02e8d81

  • SSDEEP

    49152:pB5LeDUUNAK0R8s7nDf5L+vpJ010HFUX20h3g/eVykcHJNs6NEx:p/LewUNAKJKDNEESK/9GNpCyE

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  behavioral1behavioral2