Extracted

• • Target

    1ac3a9da4850225df4dc40ecc901c437e4893a1da7a2ea57f3c6ac8a2923d5bc

  • Size

    3.8MB

  • MD5

    d8bf63db04e2c8a96ddeeee167e56a2e

  • SHA1

    5b139b25876f334a362e0e6b3695c66aa9bcd44e

  • SHA256

    1ac3a9da4850225df4dc40ecc901c437e4893a1da7a2ea57f3c6ac8a2923d5bc

  • SHA512

    2f718474b10ca202be21836e7d206d99cd8ae3bf5d7e96d2ec02ed2f4f348b6becd2144067eb49bd1ee5edbdcf96cbaad48a9cf9a9718850975afd92d42f056a

  • SSDEEP

    98304:aKXfAViOqDibBdDxNrDK/5YR3LLuplIM3yaKUSFPMtTFSr3Ek:aKXvOWibxNrD4KRPoC5ySpmTFE

  Score

  10^/10

  riseproevasionstealertrojan

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2