Extracted

• • Target

    6c253e7a6c5cac2d8075f83f607a8407cdc0103cfa4db564ed49d7261048f8e9

  • Size

    2.3MB

  • MD5

    817cffc252208f14bafefad9ae4fe24e

  • SHA1

    206c90caf2141f5ad94bc1798834e39d8a9c20d1

  • SHA256

    6c253e7a6c5cac2d8075f83f607a8407cdc0103cfa4db564ed49d7261048f8e9

  • SHA512

    a21aaff3fbe7266b6f4351fbc6715902c0ff4e17ca5d6fec32f742e82056a903981fb38ce5d5e4358145f7b26a30cc30d0387ad5c796c4af6276d92d1bd17059

  • SSDEEP

    49152:AfNYyhPNfMGphcnhnczS8ODTcvxLPdtOrFQDLvF5kUKNHXwv1BmhDh:OXWGzS8OD6xUr6D0UKdV

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2