Extracted

• • Target

    cedf2e58ba5822232440004f61c56e2ccc5fa6896d083fd1660d1dc84f3454e1

  • Size

    2.3MB

  • MD5

    30e62fd09ffde22d6e36875eb508cbaf

  • SHA1

    34aa03b5bce0aa30c2f8416afb47c9a772d69aee

  • SHA256

    cedf2e58ba5822232440004f61c56e2ccc5fa6896d083fd1660d1dc84f3454e1

  • SHA512

    1f833b32bfcbca800d248be630504f387a41f362f05e70cc788116f12395c7bb1e7539ee22b2d075ffb838222fc8d52f4a48498aef14199c91dc3f58e20b7d9a

  • SSDEEP

    49152:wLdz1amRzM/VpgRyCBqFRRtCT1dvJTTr4mKP6U8mgKB7AMUiXi++8/LSBiLMo:ov9YpgoCITRtSTTr4j8mgy5dRLSBPo

  Score

  10^/10

  evasionriseprostealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2