Extracted

• • Target

    5f891bff9711a9e29a2d44aac4d2c7a9c996b91edf49ca0178636df76dfb67fe

  • Size

    2.3MB

  • MD5

    18662d17f76e7389cb98c33b1e755f06

  • SHA1

    b8abe1a14ad4f883c8e9125b978f9513eebe8860

  • SHA256

    5f891bff9711a9e29a2d44aac4d2c7a9c996b91edf49ca0178636df76dfb67fe

  • SHA512

    c825e08d9f19f2ed6b80367b03aa16e464768b1b4263efa0a03e365a6300dc48ed9e9b187c731279261855ccdb1e8f32120187d2e0ff10bec7864c57fecf4151

  • SSDEEP

    49152:32dWouZEfqolwmXAe7+T137F7MNH283seeHw+CCrv:GVuOf9l0eKVxMNbZ+CC

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2