Extracted

• • Target

    eccee137fc88211739d6e202ff31cbe34959e96f4e7474b992a56b0014acdd50

  • Size

    2.3MB

  • MD5

    afaa7569f99bb12b551fc7fffb799778

  • SHA1

    7a9d2108ca9af6d2f8e847681d09182c3c2d792c

  • SHA256

    eccee137fc88211739d6e202ff31cbe34959e96f4e7474b992a56b0014acdd50

  • SHA512

    e13b7b0a21cf06b2be5622079f23db11b4ca7ddff3124a5ff1e1ddf0eb45dfd33ab3d267513f98af8846b45b2afa6c0058858b28125c1945a31b66dd9b916a78

  • SSDEEP

    49152:wGY5918NqwTEgTcQUarcb+mMkH3lbq4qSaGc207qex94XCG4yd+tg:BhTPUKcb+C04q6Sx98Zw

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2