Extracted

• • Target

    597e094a98f56c0ef8b89cedd7c96d14fca1f5dd25e6e120525246d47de6ba96

  • Size

    2.3MB

  • MD5

    adb680e5c7586df1d183ad1ef4807648

  • SHA1

    df9c9e796c877100ebe80a457d57d9358401be50

  • SHA256

    597e094a98f56c0ef8b89cedd7c96d14fca1f5dd25e6e120525246d47de6ba96

  • SHA512

    d3b8383de7a18ea724cbc3cdfee753c45c0ff7289e338863492d8c7ffa9fb3193a7311a65e631156444e2516c515f679851e8ef7fa8f58344ae2b881eb6ffa0f

  • SSDEEP

    49152:JGY5918NqwTEgTcQnMbHNnl3sUngdXzd+DDLosT0ByPhO3l:GhTPMbFK5+DDLLWyPw

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2