Extracted

• • Target

    f2bd22d726db7eeba42aee8b4ca2f35364eadd7f74f29188af92136f7a3d4556

  • Size

    2.3MB

  • MD5

    ef0b4eecc3d88cd32b5c23572cce17b6

  • SHA1

    150ef18cb9604e01c5229f969b89fea55dc6022c

  • SHA256

    f2bd22d726db7eeba42aee8b4ca2f35364eadd7f74f29188af92136f7a3d4556

  • SHA512

    fa2c9ceb6d0a18c4ee16f6b36315883e3824cf2339ca2557ad0f6bd97c3e7cf3c282a9bc78b0df29d95184e5a34a8ef035b1b0876b166850059533fcdd9bc666

  • SSDEEP

    49152:Mobh9ggvoTU2+R5Fhef7mpreUDEYsgmc9Hs7N4/H0Nhu2lnE:MobHMv+R5Kf7mpFJsgmc9Hsp4/dME

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2