Extracted

• • Target

    5c8e96194d830db0030b13de91b396b820c570d325dda6274a9ca68ead70c270

  • Size

    2.3MB

  • MD5

    cacedde5a4d696a80037c69e09d1c0db

  • SHA1

    b96322586f5383b66a94697afc0ccfea308321c6

  • SHA256

    5c8e96194d830db0030b13de91b396b820c570d325dda6274a9ca68ead70c270

  • SHA512

    8d5cfdd4355957c929051ee7b90a4aa595bb005306200ea7797f8ab11ee3365596de06ac510f52b9e09802fe9c6e1c3e2a6dc7b5742d0005aa8990c8fa064a9a

  • SSDEEP

    49152:dmFHfM8q0/psFlL+GOKc0kD1ZHzENk8HSEZ6Jcu:eHi0/psFZ+GOKc0khVENkmLt

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2