Extracted

• • Target

    c91b870f8252d8da56df52503050ed9bed377f4aa4ceed9ef762d622885bce6d

  • Size

    2.3MB

  • MD5

    5fd0908cf481e86cb9dbb4d4e49f9ee5

  • SHA1

    f8ff837531ba659bdc214fa9aa0174e37ba5d959

  • SHA256

    c91b870f8252d8da56df52503050ed9bed377f4aa4ceed9ef762d622885bce6d

  • SHA512

    c09cbfa15091aff7e5d8ca2134904e7f5a9cbc4073d24f0fc58bb804f41b5b6278ebe4696500f83c32b8c54c788af82dbec3263501413e2602d1e15ee6ad62fc

  • SSDEEP

    49152:2RilTjvMINz+9fBlt4FULc1LUTVzfDfzRfNj3IYWW0Sw:+ilnMINC5mGLc5URZFT+h

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2