Extracted

• • Target

    db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

  • Size

    2.3MB

  • MD5

    deeac5c0ccf149b1cd710865de019b4c

  • SHA1

    70bcd60da570dbe579cdb9023efe89d8c78131d0

  • SHA256

    db1de0d217ae9c5e65fc5106fa4f8650f1f48b7e861098605d0fd9e7e01d801e

  • SHA512

    bb7da06caa21ac3ce01ac790efae95658572e53333bad9c829b8f519184adc48ef91abaff79757793047e3c73ed8bc0e338a18f93090fb5779cab63b003ff59f

  • SSDEEP

    49152:YkmKhyq24kI3qebVs5PbsklJ/gsyyiF7Zgmqk1X+Ol7gTxazX:YkmKEqlkAbm5jjudyOZVXKTA

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2