General

  • Target

    4c9c647f7a3f7936d4092a82faf88d755d294fadc532b9280355819a144c734a

  • Size

    2.2MB

  • Sample

    240601-vzmbcshf7x

  • MD5

    7d1110bf420a112d82e1ff46635960ac

  • SHA1

    4d6cae588165a4eda62d34de48604a1705f91eb7

  • SHA256

    4c9c647f7a3f7936d4092a82faf88d755d294fadc532b9280355819a144c734a

  • SHA512

    ade179aa632928f4de702361f72e1d88914aa3bb711bb1a6649963d0869611ff999d52b279c8269308fdbd8f990e60e85acc26605e3034c7236b4206559b2c6d

  • SSDEEP

    49152:ZkmKhyq24kI3qebVaRHDRcJ8piin7gfR3UTLD7353FI68KN2pwa5uW0Y:ZkmKEqlkAbkRHGJ8r/TJFpR2pBuW

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • Target

      4c9c647f7a3f7936d4092a82faf88d755d294fadc532b9280355819a144c734a

    Score
    10/10
    • RisePro

      RisePro is an information stealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops debug events for the calling thread from being delivered to an attached debugger; this is a common anti-debugging technique.
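
The extracted C2 and the behavioural signatures above can be re-derived from an API trace. The Python below is an added example, not Triage's code and not part of this report: it runs rules corresponding to the listed signatures (VirtualBox ACPI tables, BIOS values, Wine keys, ThreadHideFromDebugger, the extracted C2 endpoint) over a constructed JSON Lines trace. The trace schema, the event names and the "RisePro C2 contacted" label are assumptions made for illustration, and the registry paths are the ones these checks commonly read (for example HKLM\HARDWARE\ACPI\DSDT\VBOX__); the report does not list the exact keys this sample touched, so treat them as the rule author's assumption rather than as observed IOCs.

```python
"""Re-derive the report's signatures from an API trace (added example, not Triage code)."""
import json

# Signature names as they appear in the report above; the C2 label is added here.
SIG_C2 = "RisePro C2 contacted"
SIG_VBOX_ACPI = "Identifies VirtualBox via ACPI registry values (likely anti-VM)"
SIG_BIOS = "Checks BIOS information in registry"
SIG_WINE = "Identifies Wine through registry keys"
SIG_HIDE = "Suspicious use of NtSetInformationThreadHideFromDebugger"

# C2 endpoint from the extracted RisePro config on the page.
C2_ENDPOINTS = {("147.45.47.126", 58709)}

# Registry locations these anti-analysis checks commonly read. Assumption: the
# report does not list the exact keys the sample touched.
VBOX_ACPI_KEYS = (r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
                  r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
                  r"HKLM\HARDWARE\ACPI\RSDT\VBOX__")
BIOS_VALUES = {v.upper() for v in (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosDate",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion")}
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS ThreadHideFromDebugger
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}


def normalize_reg_path(path: str) -> str:
    """Fold the hive spellings seen in traces onto HKLM/HKCU and upper-case the path."""
    p = path.strip()
    # \Registry\User\<SID>\... is the kernel name of the user's hive; drop the SID.
    if p.upper().startswith("\\REGISTRY\\USER\\"):
        parts = p.split("\\", 4)  # ['', 'Registry', 'User', '<SID>', 'rest']
        p = "HKCU\\" + (parts[4] if len(parts) > 4 else "")
    for prefix, hive in (("\\REGISTRY\\MACHINE", "HKLM"),
                         ("HKEY_LOCAL_MACHINE", "HKLM"),
                         ("HKEY_CURRENT_USER", "HKCU")):
        if p.upper().startswith(prefix):
            p = hive + p[len(prefix):]
            break
    return p.upper()


def under(path: str, roots: tuple) -> bool:
    """True if `path` is one of `roots` or a key/value beneath one of them."""
    return any(path == r.upper() or path.startswith(r.upper() + "\\") for r in roots)


def parse_trace(jsonl: str) -> list:
    """One JSON object per line; blank lines are skipped."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def detect(events) -> dict:
    """Return {signature: [event indices]} for each signature with at least one hit."""
    hits = {}

    def hit(sig, i):
        hits.setdefault(sig, []).append(i)

    for i, ev in enumerate(events):
        api = ev.get("api", "")
        if api in REGISTRY_APIS:
            path = normalize_reg_path(ev.get("key", ""))
            if ev.get("value"):  # value queries carry the value name separately
                path = path + "\\" + ev["value"].upper()
            if under(path, VBOX_ACPI_KEYS):
                hit(SIG_VBOX_ACPI, i)
            if path in BIOS_VALUES:
                hit(SIG_BIOS, i)
            if under(path, WINE_KEYS):
                hit(SIG_WINE, i)
        elif api == "NtSetInformationThread" and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER:
            hit(SIG_HIDE, i)
        elif api in ("connect", "WSAConnect"):
            if (ev.get("dst_ip"), int(ev.get("dst_port", 0))) in C2_ENDPOINTS:
                hit(SIG_C2, i)
    return hits


# Constructed JSON Lines trace (not Triage's real schema): one API event per line.
SAMPLE_TRACE = "\n".join([
    r'{"api": "RegOpenKeyExW", "key": "HKEY_LOCAL_MACHINE\\HARDWARE\\ACPI\\DSDT\\VBOX__"}',
    r'{"api": "NtQueryValueKey", "key": "\\Registry\\Machine\\HARDWARE\\DESCRIPTION\\System", "value": "SystemBiosVersion"}',
    r'{"api": "RegOpenKeyExW", "key": "\\Registry\\User\\S-1-5-21-1111-2222-3333-1001\\Software\\Wine"}',
    r'{"api": "NtSetInformationThread", "thread": "0xfffffffe", "info_class": 17}',
    r'{"api": "connect", "dst_ip": "147.45.47.126", "dst_port": 58709}',
    r'{"api": "RegQueryValueExW", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "value": "ProductName"}',
    r'{"api": "connect", "dst_ip": "198.51.100.10", "dst_port": 443}',
])

if __name__ == "__main__":
    for sig, idx in detect(parse_trace(SAMPLE_TRACE)).items():
        print(f"{sig}: events {idx}")
```

The registry rules match on both the kernel (\Registry\Machine, \Registry\User\<SID>) and Win32 (HKEY_*) spellings, because API-level traces mix the two. The C2 rule is the weakest of the set: an IP:port pair is rotated quickly by stealer operators, so it identifies this build's configuration rather than the family, whereas the anti-VM and anti-debug behaviours persist across rebuilds.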

MITRE ATT&CK Enterprise v15

Tasks