General

  • Target

    5676a1f70b981338dcb0cb7ab97cee3989aa86178584763c36a5273fb221f94d

  • Size

    2.3MB

  • Sample

    240620-e4yxystbqj

  • MD5

    3b5c283b13cf3ead934a16c4ca4aabaf

  • SHA1

    dd4904be0c640a891933bb7100dc60c29f0647ab

  • SHA256

    5676a1f70b981338dcb0cb7ab97cee3989aa86178584763c36a5273fb221f94d

  • SHA512

    6e0917eaaebb698cdc7d60eb9d8bea47deb94414e3d5ba76068c9e3d940c80a1cb063ba0266fee131ce803d6cc23bcb59fb6e4747f555b77bf52332fe3fc68ad

  • SSDEEP

    49152:sLxjIgCqKkJyaWNNFLYDWZkCKOwTTOnL7Gc4eC30mh:YxMgvnWvKDW+JQx4ey

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    Score
    10/10

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks