General

  • Target

    4cadc88d8fdff0515360e70658d970f2dae6e526edae239ac1088d21c966037d

  • Size

    2.3MB

  • Sample

    240620-2n6zys1cra

  • MD5

    eaaf116399b1875569c3395898103226

  • SHA1

    5cfba629521ba496d385f783dd3aa9821b48615f

  • SHA256

    4cadc88d8fdff0515360e70658d970f2dae6e526edae239ac1088d21c966037d

  • SHA512

    ceee44fd78e6538c4f65851fed7735074b1b1b5761e566b3ab84fa3302bfcb155e63b26e7217a519bd8510312f3b0648496c396ff6cf860afca1327582aa1845

  • SSDEEP

    49152:JiT8luuWJe+tV0HjDHvd48DTCQA+QkO++Its2eYjqkERzSS9mHv:JiTzVtV0HvHvd48PCQA/B+42bj/evC

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks