General

  • Target

    d74742bed95a9b9def8238cfc413bc1a2bf2688d09f157772bdca1435062eb77

  • Size

    2.3MB

  • Sample

    240619-1wr1bsxhrj

  • MD5

    1f3475651210e85878963b62d6590ea2

  • SHA1

    93aba16e4720991e4cdd464fcdd471d0eb7327bb

  • SHA256

    d74742bed95a9b9def8238cfc413bc1a2bf2688d09f157772bdca1435062eb77

  • SHA512

    9f9fd5665a6c1e1cd430affe8cdc3478a6519f483a6d89b2583e4db32378fb158104748fa376a5a72af0ed2820c1e3867e3fde9f6417ff6c3a28250680749f48

  • SSDEEP

    49152:0zIhGe+uX8ijVsgCJjMfporkuz15dN3z+P+l3oJTat+0XNcGyS7fzv0rPTzfsy8:0W+uZRsguMxozfTSGlYJTwXAS7b0Dvc

Score
10/10

Malware Config

Extracted

Family

risepro

C2

147.45.47.126:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks