Extracted

• • Target

    972cd69f7de188b017b0e19f7fe17808b10afc9d98a299498d4c468df83c61f5

  • Size

    2.3MB

  • MD5

    89132cccbe767274896da1b84508923b

  • SHA1

    96c69ebe519eb52c33fcbb0618584707c3f8f550

  • SHA256

    972cd69f7de188b017b0e19f7fe17808b10afc9d98a299498d4c468df83c61f5

  • SHA512

    14f4f6c281847e630cfb38235280e38adcc8a522f1d6faa4d6281c761a4edbb8b7b11e7e3882342f94faa3b7d48bca284662ef3a1b6b9e8c253094813372c8be

  • SSDEEP

    49152:TGY5918NqwTEgTcQ5HstsxFgTXFu1J9TcFEryt32QAvJ3MlEi:whTPFUsxaXQ1J9oF+ysQApOEi

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2