Extracted

• • Target

    9b28ed2946b2b23e66ade1bccfb4b0ce649e718710220becbaaa7dd52d4a2db7

  • Size

    2.3MB

  • MD5

    2192a2702ea099805de1d10bd8c222dc

  • SHA1

    b7ec1abdfa50e651fb1bf152559fe4ab1f92fc8e

  • SHA256

    9b28ed2946b2b23e66ade1bccfb4b0ce649e718710220becbaaa7dd52d4a2db7

  • SHA512

    0f3c8ef85319e05ce124e84efe247114319b1ccc9f1fe96a12e388bb7771b665b15b8bc4e447223ab293fb2150de3b71aa54d18685622b6c2ef716dacc0182f3

  • SSDEEP

    49152:YFQKW6B1P/Wv4tFTLTWwXc9mGCE3JQv5WTXtkc5c95Ef7cRfqP:YrxPO+S9zCPEXtkXTY

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2