Extracted

• • Target

    86373eb249c5bb66c9da3a279092c5f95155d752fc96f16a97f312de4d50dbd3

  • Size

    2.3MB

  • MD5

    2d7394deda145f037eef3dcb6b13c712

  • SHA1

    0c820c63971fe0d3c127e280b6de138b7ff3efd9

  • SHA256

    86373eb249c5bb66c9da3a279092c5f95155d752fc96f16a97f312de4d50dbd3

  • SHA512

    4dbb029a0e3de57c06942e5d8af478091ce264484ef0b224144039557d7d968759209bb185eeb1eff08289325393315c71bcd18bd4bcd838c8dac9b636006e69

  • SSDEEP

    49152:o8POatAYJK6l/nahsxxjGB4BGVcntlJ+5+1WLoCLtCwPY8YLLooCTMnsl:oAOCK6Ra6xxjGVcn7J+dQsY8YLLaMsl

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2