Extracted

• • Target

    a19aeffb8169bab2531a020ce06400295abcaca3770ffbb484467273b9c2bbda

  • Size

    2.4MB

  • MD5

    34b0e81fa6f60af1c68020b008736997

  • SHA1

    d778283b75633c3da27151eb2802f54d956bfb2a

  • SHA256

    a19aeffb8169bab2531a020ce06400295abcaca3770ffbb484467273b9c2bbda

  • SHA512

    e8fc16b80bd9457c295533bce2004419385741b981d49052b9ebff8b3548eed62d5d1a5c2d125e9d130d08d671aef9697866c9b0b9b705210191728f3e158bfb

  • SSDEEP

    49152:oV4zlrbVESgOVCQKV60H+cOedHuoF+pzTe7w+NW7rDCboh8jwVS:YQlPVESgOVCRPHAedHr0Ri5NWrDCscw

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2