Extracted

• • Target

    25a2fcb65430d92674b779793d26b001b1acbe7db693e851cb23cab2e445b9e9

  • Size

    2.3MB

  • MD5

    9ccfe59f42982ddb34356e3b5294c2f5

  • SHA1

    4aecee4992d209f722ff834bd0729e912dd88a4b

  • SHA256

    25a2fcb65430d92674b779793d26b001b1acbe7db693e851cb23cab2e445b9e9

  • SHA512

    ff725c302b7632efdefd07ebff262c6bddfe39a525ac5620180a07c8723fc77a173766034a8b1e8a41ea0a81d4f158e113e57a3a3b2467807c2ba981d3e1cc12

  • SSDEEP

    49152:UI9n/t+9DsJgUp6KdhpFVwm0pKWbpNKf0avaxFkDaqkn:tMxS9JnWbvAfvaxuDLk

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2