Extracted

• • Target

    ba2068bc2b1ce039e37f62be1f9ae71155f0fb47f3239a53cd5ae1bc503709e3

  • Size

    2.3MB

  • MD5

    c0f6ce1480e29981ce880e6c24f35b95

  • SHA1

    f08c0ee722be6d0d99a0d2c1a8bdb64f15189fba

  • SHA256

    ba2068bc2b1ce039e37f62be1f9ae71155f0fb47f3239a53cd5ae1bc503709e3

  • SHA512

    b50d889d9ec8332be33fc66019346aa7cd59f5122f6bb4452e517fdd205833d6447890204d86650a24323fe7248b264c35abc11efe5597c7edf94e5214541bd2

  • SSDEEP

    49152:q4IAzdjqbwWjITlaYhrK6NueIxBXcxlahqFxgOqX01oxaaB1BPtRJDIXYA1:KJgaYheDNBClahcOOz1aB1/bgYA1

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2