Extracted

• • Target

    77f8d75fdb68f418f3c8e1a8cdf3d1b20e210ee5e2831b229cba553fdcf151bc

  • Size

    2.3MB

  • MD5

    37519843d71872d848f7fc54630c6468

  • SHA1

    615555194feba9ce57e4b76bf0ab48ec00b96aa6

  • SHA256

    77f8d75fdb68f418f3c8e1a8cdf3d1b20e210ee5e2831b229cba553fdcf151bc

  • SHA512

    12838671d2b58690ac27cf294e18deadd566e538896d03e4eb7acb1e548107ee4cc83f249575c7e5ace4242b0f64278780cd58716914c6310625f033f40a0e0d

  • SSDEEP

    49152:LzgGODfxYLHwR/hpe8UI1XZOZJFlOQLpLcXGKDN4eEqJr0iFPTmo:LzgGO1YLHwR5pCI1Xaf4QV5KJvrP

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2