Extracted

• • Target

    c0b436c7a24c407f74f7b468d74481e1af6af1da4d2ca324550d7f48e7d504aa

  • Size

    2.3MB

  • MD5

    d7ba4db93c66d6bf9d9451534c71faa5

  • SHA1

    2fda6038ad85b3e58d543e27ce9947d8dbdcd4d1

  • SHA256

    c0b436c7a24c407f74f7b468d74481e1af6af1da4d2ca324550d7f48e7d504aa

  • SHA512

    b7c979a4999502eee3f32e90d3353934997135c73eaa63564cba41bfff328f3f7d8424e028cf5c06dcee93df2a647a72121acbdd94d6fed7289cdb67625c3631

  • SSDEEP

    49152:TkmKhyq24kI3qebVsO7XD0xM2L0bk1IgowFMnyuPw4lYBDOHTVNP:TkmKEqlkAbmO7hB41IQrwwQWDOzz

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2