Extracted

• • Target

    778920cf4c29b96160cf9e8a5ec469b91f0ce42c3866c72910b9464720873d70

  • Size

    2.3MB

  • MD5

    5cdbb86df475e4045df0405677ca1f95

  • SHA1

    0768cfb1e510542e3f3188fc1426b9becbdcfc75

  • SHA256

    778920cf4c29b96160cf9e8a5ec469b91f0ce42c3866c72910b9464720873d70

  • SHA512

    1d93197c7ab4e753d8cd181609d69aa40668f18cd95ac93ff5ce24f1e3268c02af1f74a8f8e761063aa00141d3d5391af6151f692646ebdc177f24e7b9d7c12e

  • SSDEEP

    49152:fg69SebPPiKgYyvVtS2PV8h2AHfxvWHCnPQCf+Sc9FopqTY:fg69SebiFK4VUXHhNPw/opcY

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2