Extracted

• • Target

    02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

  • Size

    2.3MB

  • MD5

    4910d8a49128619c8123dc4ed7cb0940

  • SHA1

    4a5de95f54b947f5ab1b99c42dde592b9f92fd6b

  • SHA256

    02c94e4b35cc6c6f7f27a0313134cd36007fcbaae1b482e109c217c91ddbd5da

  • SHA512

    f00f1a067f15fdeb40ec0b443f6ef72cc211e84c46401a1d5c25eb56e7763c3e98a70ae83b1ec10c87ca771574ccd2248c653b0999845608ba1d3a8e23e11861

  • SSDEEP

    49152:ckmKhyq24kI3qebVnlnmqlvXkmI92OhaZa76BFrekn8/7i02XD:ckmKEqlkAb5lnmqlvkmIYEaA6HbD

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2