Extracted

• • Target

    432bad20f4ea90984df25b1162c497ca5159b3d6dfca0c2312a880684626d9eb

  • Size

    2.3MB

  • MD5

    9123d4bbd80d1491ce0e12530a4e9629

  • SHA1

    618f68e03bbc61b5c9ceb2381da87f120779a997

  • SHA256

    432bad20f4ea90984df25b1162c497ca5159b3d6dfca0c2312a880684626d9eb

  • SHA512

    07852afe70974e3752523998268adbe11b501ca7b2948cdaa330983c27103e557b7159394718f713b4f40d12408d781769d9cf9389698ee179cf4112705eddeb

  • SSDEEP

    49152:EBVaVw5CvGBGm71HdZhCsL1E/w7VJtS055jbPf4iGb8W3f:sVQ6CvLm7ZhrL1E4HtFgi+h3

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2