Extracted

• • Target

    23defddccadfb84ff4d1d2ade130b873c159a0bab029fb61650895cb1bcc1e27

  • Size

    2.3MB

  • MD5

    b2cca214a4399d471426edf8f8884256

  • SHA1

    f8218d4fb6e045c9143edd32337a86a823713e93

  • SHA256

    23defddccadfb84ff4d1d2ade130b873c159a0bab029fb61650895cb1bcc1e27

  • SHA512

    4659a10a01eab8ecfd737e199abf9a637a5919ea16804be30c6365c1a0b87fcb1f28a34459954f67b5431ea71b38b26e9ce0fe5f86eeba357886d6b69b71c384

  • SSDEEP

    49152:tZbruN6rlS5luHIyviBCkh2fNq0gYaBOrfLim9nAQ0E5LzhQXzx7BEjc:tNiGW+lvy/2Nt/iYA7Wc97B6c

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2