General

  • Target

    b86d6060e7765ba46b1dfaf7e83cb7f8480bc0b433c652e2426eef7205fafe4c

  • Size

    2.3MB

  • Sample

    240504-g63d9see3x

  • MD5

    37cb1131ce1d54f418ea3a5a82664d77

  • SHA1

    7d950fcceca94424cffddf609d8c64343eaf259d

  • SHA256

    b86d6060e7765ba46b1dfaf7e83cb7f8480bc0b433c652e2426eef7205fafe4c

  • SHA512

    be82523d5837801d89b14f85cbfe080ce71d48ca69fca69cec397d83c96b506af928380892f7058160d2756987b68d6175f8b0128d8cdb15ce22b0126e65bb47

  • SSDEEP

    49152:UGY5918NqwTEgTc0AlYSIsk1HJA73wvRtBj1GN1THxdJHeM:9hTylbtERn1EZHeM

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709
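The hashes and the C2 endpoint above are the indicators a hunt would be built on. The following Python script is an added example, not part of the sandbox report: it checks a file's digests against the report's hashes and flags connections to the extracted C2 in connection logs. The hashes and the C2 address are copied from the report; the Zeek conn.log-style records embedded in the script are constructed for the demonstration.

```python
"""IOC hunt for the report above (added example, not part of the sandbox
report). Hashes and the C2 endpoint are copied from the report; the
connection-log records are constructed for the demonstration."""
import hashlib

IOC_HASHES = {
    "md5": "37cb1131ce1d54f418ea3a5a82664d77",
    "sha1": "7d950fcceca94424cffddf609d8c64343eaf259d",
    "sha256": "b86d6060e7765ba46b1dfaf7e83cb7f8480bc0b433c652e2426eef7205fafe4c",
    "sha512": "be82523d5837801d89b14f85cbfe080ce71d48ca69fca69cec397d83c96b506af928380892f7058160d2756987b68d6175f8b0128d8cdb15ce22b0126e65bb47",
}
C2_HOST, C2_PORT = "147.45.47.93", 58709


def hash_file_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, so any one of them can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding digest in the report."""
    digests = hash_file_bytes(data)
    return any(digests[alg] == ioc for alg, ioc in IOC_HASHES.items())


# Constructed Zeek conn.log-style records (tab separated). Only the first seven
# fields matter here: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1714800001.123\tCa1b2c3\t10.0.0.5\t49712\t147.45.47.93\t58709\ttcp
1714800002.456\tCd4e5f6\t10.0.0.5\t49713\t93.184.216.34\t443\ttcp
1714800003.789\tCg7h8i9\t10.0.0.9\t52001\t147.45.47.93\t80\ttcp
"""


def find_c2_connections(log_text: str) -> list:
    """Return connections to the C2 host. `port_match` separates the exact
    endpoint from the same host on another port, which still deserves a look
    because the operator may rotate ports on the same infrastructure."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7 or fields[4] != C2_HOST:
            continue
        hits.append({
            "ts": fields[0],
            "uid": fields[1],
            "src": f"{fields[2]}:{fields[3]}",
            "dst_port": int(fields[5]),
            "port_match": int(fields[5]) == C2_PORT,
        })
    return hits


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("sample match:", matches_sample(fh.read()))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
```

Run it with a file path to compare that file against the report's hashes; without arguments it only scans the embedded log. A hash match is exact and brittle (any repack changes it), so the network indicator is usually the more durable of the two.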

Targets

    • Target

      b86d6060e7765ba46b1dfaf7e83cb7f8480bc0b433c652e2426eef7205fafe4c

    • Size

      2.3MB

    • MD5

      37cb1131ce1d54f418ea3a5a82664d77

    • SHA1

      7d950fcceca94424cffddf609d8c64343eaf259d

    • SHA256

      b86d6060e7765ba46b1dfaf7e83cb7f8480bc0b433c652e2426eef7205fafe4c

    • SHA512

      be82523d5837801d89b14f85cbfe080ce71d48ca69fca69cec397d83c96b506af928380892f7058160d2756987b68d6175f8b0128d8cdb15ce22b0126e65bb47

    • SSDEEP

      49152:UGY5918NqwTEgTc0AlYSIsk1HJA73wvRtBj1GN1THxdJHeM:9hTylbtERn1EZHeM

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) tells the kernel not to deliver that thread's debug events to an attached debugger, a common anti-debugging technique.
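The three registry-based checks above (ACPI tables, BIOS strings, Wine keys) can be reproduced to see what an analysis VM gives away. The following Python script is an added example, not from the sandbox report: the key paths are the conventional locations such checks read, the report does not say which keys this sample actually queries, and the VirtualBox and physical-host snapshots are constructed. On Windows it reads the live registry through winreg; elsewhere it runs against the constructed snapshot.

```python
"""Registry-based VM/sandbox exposure check (added example, not from the
sandbox report). Key paths are the conventional locations for such checks;
the report does not list the exact keys this sample reads. Snapshots below
are constructed."""
try:
    import winreg          # only available on Windows
except ImportError:
    winreg = None

# ACPI table keys are named after the firmware OEM ID (VirtualBox uses VBOX__).
ACPI_TABLE_KEYS = [r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT"]
BIOS_CHECKS = [
    (r"HARDWARE\DESCRIPTION\System\BIOS", ["SystemManufacturer", "SystemProductName", "BIOSVendor"]),
    (r"HARDWARE\DESCRIPTION\System", ["SystemBiosVersion", "VideoBiosVersion"]),
]
WINE_KEYS = [("HKCU", r"Software\Wine"), ("HKLM", r"Software\Wine")]
VM_MARKERS = ["VBOX", "VIRTUALBOX", "INNOTEK", "VMWARE", "QEMU", "BOCHS", "XEN"]


class SnapshotRegistry:
    """Offline registry view: {(hive, path): {"subkeys": [...], "values": {...}}}."""

    def __init__(self, snapshot):
        self.snapshot = snapshot

    def exists(self, hive, path):
        return (hive, path) in self.snapshot

    def subkeys(self, hive, path):
        return self.snapshot.get((hive, path), {}).get("subkeys", [])

    def values(self, hive, path):
        return self.snapshot.get((hive, path), {}).get("values", {})


class LiveRegistry:
    """Same interface over the real registry via winreg (Windows only)."""
    HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

    def _open(self, hive, path):
        return winreg.OpenKey(getattr(winreg, self.HIVES[hive]), path)

    def exists(self, hive, path):
        try:
            self._open(hive, path).Close()
            return True
        except OSError:
            return False

    def _enum(self, hive, path, fn):
        out, i = [], 0
        try:
            with self._open(hive, path) as key:
                while True:
                    try:
                        out.append(fn(key, i))
                        i += 1
                    except OSError:      # ERROR_NO_MORE_ITEMS ends the enumeration
                        break
        except OSError:                  # key absent or access denied
            pass
        return out

    def subkeys(self, hive, path):
        return self._enum(hive, path, winreg.EnumKey)

    def values(self, hive, path):
        return {name: data for name, data, _type in self._enum(hive, path, winreg.EnumValue)}


def vm_indicators(reg) -> list:
    """Describe every VM/Wine indicator the registry view exposes."""
    hits = []
    for path in ACPI_TABLE_KEYS:
        for name in reg.subkeys("HKLM", path):
            if any(m in name.upper() for m in VM_MARKERS):
                hits.append(f"ACPI HKLM\\{path}\\{name}")
    for path, names in BIOS_CHECKS:
        values = reg.values("HKLM", path)
        for name in names:
            data = values.get(name)
            if data is None:
                continue
            # REG_MULTI_SZ values (e.g. SystemBiosVersion) arrive as lists of strings.
            text = " ".join(data) if isinstance(data, (list, tuple)) else str(data)
            if any(m in text.upper() for m in VM_MARKERS):
                hits.append(f"BIOS HKLM\\{path}\\{name} = {text!r}")
    for hive, path in WINE_KEYS:
        if reg.exists(hive, path):
            hits.append(f"Wine {hive}\\{path}")
    return hits


# Constructed snapshot of what a default VirtualBox guest typically exposes.
VBOX_SNAPSHOT = {
    ("HKLM", r"HARDWARE\ACPI\DSDT"): {"subkeys": ["VBOX__"]},
    ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS"): {"values": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH",
    }},
    ("HKLM", r"HARDWARE\DESCRIPTION\System"): {"values": {"SystemBiosVersion": ["VBOX   - 1"]}},
}

# Constructed snapshot of a physical workstation, for contrast.
PHYSICAL_SNAPSHOT = {
    ("HKLM", r"HARDWARE\ACPI\DSDT"): {"subkeys": ["DELL__"]},
    ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS"): {"values": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "OptiPlex 7010", "BIOSVendor": "Dell Inc."}},
}

if __name__ == "__main__":
    reg = LiveRegistry() if winreg else SnapshotRegistry(VBOX_SNAPSHOT)
    for hit in vm_indicators(reg):
        print(hit)
```

Run on an analysis VM, every line printed is a string the sample could use to decide not to detonate; a hardened sandbox image should leave the list empty. The snapshot view also makes the same logic usable as a unit test for that hardening.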
