Extracted

• • Target

    85d469edbdb0a0888dcce0cc8c6236fe58a902c53a7fd8d25148762325c1c157

  • Size

    2.3MB

  • MD5

    9110d12b604c3e192c25a02267cd5f5a

  • SHA1

    553058c98c082116f06957eb0377fbaabf4ea13b

  • SHA256

    85d469edbdb0a0888dcce0cc8c6236fe58a902c53a7fd8d25148762325c1c157

  • SHA512

    4cbad34aa5bd12b1c110d38960422f6bcca92dc4f1bc48ca897dbd2bb9dda62dfc6fbb68e01a1e5302762c2fd5a1ccfb13c42b13c9e43638c2b2334329ba3d49

  • SSDEEP

    49152:nB+zTy+IygQ74Zb6NR6pGqDO3GhyGCBCqoS0AUPJfUbdqs8F/tnSeZSf:BBUgQ8ZcR6kekiqoOUPJfgqhF/+

  Score

  10^/10

  evasionriseprostealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2