Extracted

• • Target

    58adcd78b5ce1232212e6691063a99aca8973b25fe488f0ee93ff7e55a236e03

  • Size

    2.3MB

  • MD5

    502e5f356925ab0b572f16e55255bccb

  • SHA1

    04d2220948e8025a8fffef4c49f0f6e2a55919bd

  • SHA256

    58adcd78b5ce1232212e6691063a99aca8973b25fe488f0ee93ff7e55a236e03

  • SHA512

    266f056a4a9da6026c34d2a605e3cda31c72157127f9fc03d81887a0feb4df43025ef2f34d0af46a32784be3c9bd4b05f20e9139a2e826e68635201c0e898d4a

  • SSDEEP

    49152:a+IhvyTyPy1CKzPRf4KM1bH7QfcbBIrZyy0xNU3ctIRV16QtTtJ:aHyTyPuhzjM9H7qcW8ZxLlQPJ

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2