General

  • Target

    b09550a11ed887ddcbb52407e7e5a77701d4e6872e447015af5676097c84662f

  • Size

    2.3MB

  • Sample

    240604-lv15aadb39

  • MD5

    65ae08e3934a3b2e2f0f5c9300d232f9

  • SHA1

    38e29e078ea39842c113683df990691c27f08ff2

  • SHA256

    b09550a11ed887ddcbb52407e7e5a77701d4e6872e447015af5676097c84662f

  • SHA512

    d162b5e65834e2945f1b9ec2e4113e974978112ad3624e9749a581b1074c8031679d053a958c3cc0e0fcf21b0e7b1d38077868d13c21697e78d57a4bcb96855a

  • SSDEEP

    49152:P1GFWXvZK4GSd9Za0AkuHUuIdMlygPL+WQzQC2kMxIyRkzkqVN:P8WXH9ZhAnlygPL+WQzp3qkz/VN

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
