Extracted

• • Target

    759d952e9f3d5985ee40f8c79e90ec327c8010a7ea40c36f24a773c25b31d143

  • Size

    4.9MB

  • MD5

    40a21dc4274cf6e85bd88a04be5d0db3

  • SHA1

    8c2a7c04fad48aa1e7379b38ac7506ee3a5dbe7c

  • SHA256

    759d952e9f3d5985ee40f8c79e90ec327c8010a7ea40c36f24a773c25b31d143

  • SHA512

    55919e372b4ab666f9c1cae17129a848390a0a30cd62dd38f218bdc04544de17dca310370f2ffefd0879d957b0c340ceb1fd69a12c8ded99be05b4e786497fb1

  • SSDEEP

    98304:G3NYiICv2T0bc/uaMKJiNQqjxpAda2CLpI1ouW6ttx5Gag23J:Gntuw4GKJiNQqjxp6UI1op6tjoO3J

  Score

  10^/10

  riseproevasionstealerthemidatrojan

  • Detects DLL dropped by Raspberry Robin.

    Raspberry Robin.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2