General

  • Target

    0f751859d7a450d7897d731630d93ed22c5070a08640760504213ec70ed13256

  • Size

    2.3MB

  • Sample

    240602-13c5ragg6t

  • MD5

    8206d56aea40652e3f0f4d1ce70d8e41

  • SHA1

    016ed7e8dee234cb7d7e3e7cf1a112abe5a1e831

  • SHA256

    0f751859d7a450d7897d731630d93ed22c5070a08640760504213ec70ed13256

  • SHA512

    c663e551ac80cc02f333041139cca1f0c31e1dfb640a959d23e4f3e12397d6dfe12d20deae041ccdfe326ea6248ca4cff45d392f9de431615cbf4c70b4507271

  • SSDEEP

    49152:q5x+6e40e3/l97tEFh+JwT22anB9RkeWnABXYgekgmzH:p6aen7yFh+2ZaXRk1ABXYJU

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709
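The extracted C2 endpoint and the file hashes in the General section are the indicators a responder sweeps for. The following is an added example, not part of the sandbox report or of any vendor tooling: it parses constructed EDR and firewall log lines and matches them against those indicators. Only the hashes and 147.45.47.126:58709 come from the report; the log format, hostnames, internal addresses and the benign hash are made up for the example.

```python
"""Match the IOCs from the report (file hashes, C2 ip:port) against
constructed EDR and firewall log lines."""
import re

# Indicators taken from the report. Hashes are compared case-insensitively.
IOCS = {
    "md5": "8206d56aea40652e3f0f4d1ce70d8e41",
    "sha1": "016ed7e8dee234cb7d7e3e7cf1a112abe5a1e831",
    "sha256": "0f751859d7a450d7897d731630d93ed22c5070a08640760504213ec70ed13256",
    "c2_ip": "147.45.47.126",
    "c2_port": 58709,
}

# Constructed sample lines: "<timestamp> <source> key=value ...". Hostnames,
# internal addresses, paths and the benign hash are made up for the example.
LOG_LINES = [
    '2024-06-02T13:05:41Z edr host=WS-017 event=FileCreate path="C:\\Users\\j.doe\\Downloads\\setup.exe" sha256=0F751859D7A450D7897D731630D93ED22C5070A08640760504213EC70ED13256',
    '2024-06-02T13:06:02Z edr host=WS-017 event=ProcessCreate image="C:\\Users\\j.doe\\Downloads\\setup.exe" md5=8206d56aea40652e3f0f4d1ce70d8e41',
    '2024-06-02T13:06:09Z fw src=10.20.1.17:51512 dst=147.45.47.126:58709 proto=tcp action=allow bytes_out=48213',
    '2024-06-02T13:06:30Z fw src=10.20.1.17:51520 dst=147.45.47.126:443 proto=tcp action=allow bytes_out=1200',
    '2024-06-02T13:07:00Z fw src=10.20.1.33:49922 dst=93.184.216.34:443 proto=tcp action=allow bytes_out=3900',
    '2024-06-02T13:07:12Z edr host=WS-021 event=FileCreate path="C:\\tools\\putty.exe" sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
]

# key=value pairs; values may be quoted (paths with spaces/backslashes).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split a line into (timestamp, source, {field: value})."""
    ts, source, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    return ts, source, fields


def match_iocs(lines):
    """Return (timestamp, where, indicator, confidence) for each IOC hit."""
    hits = []
    for line in lines:
        ts, source, f = parse_line(line)
        where = f.get("host") or f.get("src") or source
        # File hashes: whichever algorithms the line carries are checked.
        for algo in ("md5", "sha1", "sha256"):
            if f.get(algo, "").lower() == IOCS[algo]:
                hits.append((ts, where, f"{algo}:{IOCS[algo]}", "high"))
        # Network: the exact ip:port from the extracted config is high
        # confidence; the same IP on another port is reported at medium
        # confidence, because the report only vouches for port 58709.
        dst = f.get("dst")
        if dst:
            ip, _, port = dst.rpartition(":")
            if ip == IOCS["c2_ip"]:
                exact = port.isdigit() and int(port) == IOCS["c2_port"]
                hits.append((ts, where, f"c2:{dst}", "high" if exact else "medium"))
    return hits


if __name__ == "__main__":
    for hit in match_iocs(LOG_LINES):
        print(*hit)
```

The split between high and medium confidence is a design choice for the example: the C2 line in the report binds the address to one port, so traffic to the same address on another port is worth a look but should not be auto-escalated on this report alone.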

Targets

    • Target

      0f751859d7a450d7897d731630d93ed22c5070a08640760504213ec70ed13256

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events, so an attached debugger no longer sees it. It is a common anti-debugging measure.
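The three registry signatures above (VirtualBox ACPI tables, BIOS version strings, Wine keys) are the standard fingerprinting reads a sample uses to decide whether it is being analysed. The following is an added example, not code from the sample or from the sandbox: it re-implements those heuristics over a constructed registry snapshot so a sandbox operator can see which artifacts a guest exposes. The key paths are the well-known locations for these checks and the BIOS marker list is broader than the report's VirtualBox case; which exact keys this sample queries is an assumption, and all three snapshots are constructed.

```python
"""Offline re-implementation of the registry-based anti-analysis checks
flagged in the report, run against constructed registry snapshots."""

ACPI_TABLES = ("DSDT", "FADT", "RSDT")
VBOX_ACPI_OEM = "VBOX__"                      # OEM ID VirtualBox writes into its ACPI tables
BIOS_KEY = r"HKLM\HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion")
# Generalised beyond the report's VirtualBox case to other common hypervisors.
VM_BIOS_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "XEN")
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")

# Constructed snapshot of a stock VirtualBox guest: "HIVE\path" -> {value: data}.
# On a live Windows host the same shape can be filled in with winreg.
VBOX_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        # REG_MULTI_SZ values arrive as lists, REG_SZ as plain strings.
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": "Oracle VM VirtualBox Version 7.0.8 VBE BIOS",
        "SystemBiosDate": "12/01/2006",
    },
}

# Constructed snapshot of a Wine prefix (only the key presence matters here).
WINE_SNAPSHOT = {
    r"HKCU\Software\Wine": {},
}

# Constructed snapshot of a physical machine; should fire nothing.
BARE_METAL_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT\DELL__": {},
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["DELL   - 1072009", "1.24.0"],
        "VideoBiosVersion": "Intel Video BIOS",
    },
}


def evaluate(snapshot):
    """Return {indicator: [evidence, ...]} for every check that fires."""
    # Registry paths and value names are case-insensitive; normalise once.
    keys = {path.upper(): {n.upper(): d for n, d in values.items()}
            for path, values in snapshot.items()}
    hits = {}

    # 1. VirtualBox: its OEM ID appears as a subkey under each ACPI table.
    tables = []
    for table in ACPI_TABLES:
        prefix = ("HKLM\\HARDWARE\\ACPI\\" + table + "\\").upper()
        if any(k.startswith(prefix) and k[len(prefix):].startswith(VBOX_ACPI_OEM)
               for k in keys):
            tables.append(table)
    if tables:
        hits["virtualbox_acpi"] = tables

    # 2. BIOS version strings that name a hypervisor.
    bios = keys.get(BIOS_KEY.upper(), {})
    for name in BIOS_VALUES:
        data = bios.get(name.upper())
        if data is None:
            continue
        for entry in (data if isinstance(data, list) else [data]):
            for marker in VM_BIOS_MARKERS:
                if marker in entry.upper():
                    hits.setdefault("vm_bios_string", []).append(f"{name} contains {marker}")
                    break

    # 3. Wine: presence of its Software\Wine keys.
    present = [k for k in WINE_KEYS if k.upper() in keys]
    if present:
        hits["wine"] = present

    return hits


if __name__ == "__main__":
    for label, snap in (("virtualbox", VBOX_SNAPSHOT),
                        ("wine", WINE_SNAPSHOT),
                        ("bare-metal", BARE_METAL_SNAPSHOT)):
        print(label, evaluate(snap) or "no indicators")
```

These are registry reads, not writes, so Sysmon's registry events (key create/delete, value set, rename) will not record them on an endpoint; they show up in API-level traces such as the sandbox instrumentation that produced this report. Any indicator the function returns for a sandbox guest is an artifact worth renaming or removing before detonating evasive samples.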

MITRE ATT&CK Enterprise v15
