Extracted

• • Target

    f48b589c930471c2c071fd164fb85674bf23a611c63e940c8d259d556128f0ba

  • Size

    2.4MB

  • MD5

    3590c6436a4da4c4dff26cd804393caa

  • SHA1

    726d2630c4fb764a068c65c2932feea2b49cc105

  • SHA256

    f48b589c930471c2c071fd164fb85674bf23a611c63e940c8d259d556128f0ba

  • SHA512

    a07ef3ea62b5a656978d9471e403ef44c29364623d40369b2f32f6166de16cced0cd5a9d169e7d4e1486d3e1f58fabb91acc7ffd895d98e419bd881057375d58

  • SSDEEP

    49152:w1o+LgZ58KsYdyO0OmFc5E7rA6kUJ+VsLyaRJ1OG:IxgXzgO0O4ci7rA69J+VsLJ1

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2