Extracted

• • Target

    d3f0ec904629094be46b90ff41e9919e09833a349af8f81c2e55937d366ee3eb

  • Size

    2.4MB

  • MD5

    813a28cde67e57d0c490c820e18753ac

  • SHA1

    236f9fb76209746d9ca26a68bd71e88df32eee87

  • SHA256

    d3f0ec904629094be46b90ff41e9919e09833a349af8f81c2e55937d366ee3eb

  • SHA512

    900d9280b24efc483d83e43157c207aeeaa66aa46055332227f52991d0543d218bb8dcb49763d63975a48889626f541e417b073513d2b7b75ec820a294a323bf

  • SSDEEP

    49152:CIK9rvYKREI7YU4qscR3vAzWm75tqLmFqIW1NifEDBDE1EzV8:LcRBY1cdIzW+gLlZtDBDvV

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2