Extracted

• • Target

    a2afa2f63633ebe0a4e926d854a5f18432b78e6de1e7f971316b22e6fe51e468

  • Size

    2.3MB

  • MD5

    4ab47acb55f83ee27ae9976aded29c01

  • SHA1

    6a50d8337470e0942729b63816cad329d4ab79dc

  • SHA256

    a2afa2f63633ebe0a4e926d854a5f18432b78e6de1e7f971316b22e6fe51e468

  • SHA512

    2e1edf0a53f4361bea9636b5d1a4ccae3939991595978d46f8635ad122168e1acbc85433bf59ba01f580d16a2c4e100f8012da08212345e0cd10476bf20926f5

  • SSDEEP

    49152:HKjpkDD+P5EpZP0SuEGAbuLXYYqOMJ19Prt/CDYA2YsXRxKwgVeWQ:HK1k/+P5EpXXbucY5mTzlnzY8Rx3gF

  Score

  10^/10

  evasionriseprostealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2