Extracted

• • Target

    dc6c5e2b5b0076ffa5924b66aa48f60726be4faadfcf904cef423ac40d26b640

  • Size

    2.4MB

  • MD5

    61fc31f6ba43ffd19bd9aa007bfbe540

  • SHA1

    55e68c9e25ba8d33b1df954480c5b93adb085915

  • SHA256

    dc6c5e2b5b0076ffa5924b66aa48f60726be4faadfcf904cef423ac40d26b640

  • SHA512

    73c74619313f3dea6216d8607111814e336e6d8d7951ddb45410241825e5915bb10f799b042e4addcac1af60157eedd09cdd2d75e5611129a93a8ead09378366

  • SSDEEP

    49152:cYsSLPRCkMx0u5WqhMdyRNGddwCRM44dTHdJ1e2v818ljG4:vNLPEkM35t/RNGdd9RaR9aQG4

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2