Extracted

• • Target

    bede32fa864ec025be32d9e1b7d397c6cda9d7eeceb8ca5e34dc85db41a77c1c

  • Size

    2.3MB

  • MD5

    43da6d1efa221addf1b96936aba0fee4

  • SHA1

    974619401c692fd2fd5d08074c692a29dbb599bf

  • SHA256

    bede32fa864ec025be32d9e1b7d397c6cda9d7eeceb8ca5e34dc85db41a77c1c

  • SHA512

    a99eca96db28025a4f5938a742ad803e66a6d09edc31dd1ac6718f45b0e46780ab56adb86b788c9fbeb1de39577c7110fd02ce95576de23d8815dd6573b2f523

  • SSDEEP

    49152:X+W5nBOCKGmXqNXGdJn48HmnLdWdoerMBkNYgtdih+4eDCrCZ56Gl8:X5rOD6NXG/48HOQLrMBfh+4eD3C

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2