General

  • Target

    86c490f3ec744faa362d01ab0a7b3198e21fbbb2065c1916a200a925aaabdd77

  • Size

    2.3MB

  • Sample

    240504-g6z9xahd89

  • MD5

    242a2e78bb69685b813ec2dcee2c276d

  • SHA1

    99cd82d50d0799edfa1d5244eff8c96445147fa4

  • SHA256

    86c490f3ec744faa362d01ab0a7b3198e21fbbb2065c1916a200a925aaabdd77

  • SHA512

    3ca9208253f20ea65fe193a62dbbd7086a0900344b0029dbbebf6a786c97f3d60a0161445c10a038a363b20fc5cdd853db2eb5fa180a0657a7bc99db1626cf44

  • SSDEEP

    49152:gGY5918NqwTEgTcQhT5JlUdxJk2AqkfMhfTeCZ3Tv+82:xhTPJuxJkPkhfT71W8

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.93:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks