Extracted

• • Target

    e2804deb8c73a29b02dc0a2d0530071aaf2562f10de8e8684e9273d052a1de57

  • Size

    2.3MB

  • MD5

    76a1838c46c65e8d65c4cdf3c00c177a

  • SHA1

    e1a6f56a29f7791e7fa182bacceaabd689b0e8ac

  • SHA256

    e2804deb8c73a29b02dc0a2d0530071aaf2562f10de8e8684e9273d052a1de57

  • SHA512

    143d4d90940cf45867af47135e3c86c67097babb76aa8b569905b53c772ce6d5581521a0de3b8ab2df2f733792677e58df284e0db6652ce5af579a43e49277e1

  • SSDEEP

    49152:DkmKhyq24kI3qebVsUDFf9ppUpVnl6KHrzFUNFbzzNGxd93bM:DkmKEqlkAbmCEnlzSNFb3ojM

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2