Extracted

• • Target

    f53971ba58b8e7d160d122be258b4d620dbc0ff55c05702e426cb47c992a7179

  • Size

    2.3MB

  • MD5

    05e86de16d2efaf360d3b7c2906e905c

  • SHA1

    cd38f523a4497b2b6d1e3ee03a5d7075d497deca

  • SHA256

    f53971ba58b8e7d160d122be258b4d620dbc0ff55c05702e426cb47c992a7179

  • SHA512

    c8db10328a4ce03c9d38ec2fdadef75ba15e524f477df7f6d2447ec67ee7f4d8988add222ffe9a8a5f5af6c523c768388d182618bc252da2e9524a40ff118afa

  • SSDEEP

    49152:NI3ta7HT1gBqr5NkH0R/W+gisoLHuPe2tFWyceP4/:NutWzPldbgiP7um2tEyq/

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2