Extracted

• • Target

    f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd

  • Size

    2.3MB

  • MD5

    1fc5d3f17c4ceca16945ca7d73211fde

  • SHA1

    d2cb4da24fc42ecc478d74b9a35e690176932df8

  • SHA256

    f8a5ac867c8073a72c88578fa5c3b3e6514a1289a25bd82c842eee0434487fbd

  • SHA512

    aacf0c6a90e9609de76534d3c4629fc53de101d682edcecf70bb05a438340f575c43fab6faeb6bfc7310b8d6e14cd9e7fc35bee4887a26c3e8aab80168fc0460

  • SSDEEP

    49152:PkmKhyq24kI3qebVsONEb1P0L9LzvR2vTEj5H99winf9jadD06NYRWsci:PkmKEqlkAbmt5K1zvvH9i0fOD3Y0ji

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2