Extracted

• • Target

    76fa9d4708fa9bbdfcf4942c33747a8a18fef3bdf2f7918ad10e5359ca2d77b0

  • Size

    2.3MB

  • MD5

    3cbbd6ccf269a07f19e32a8e34173e49

  • SHA1

    412ee1b3fc2c4b58a90a10a1a81518ebffda9d20

  • SHA256

    76fa9d4708fa9bbdfcf4942c33747a8a18fef3bdf2f7918ad10e5359ca2d77b0

  • SHA512

    87cb975e49bc12d1a6e944832b6907878bb5b692c5b17bc2011edfefb02c5bf9c3e6113b7a35e259e1c3731a6065107f10ed2faa8e9c59dc81181c3b55750553

  • SSDEEP

    49152:P14DL9Rzp6/T3zW0ByI6TxS+WdVlJZlPrQBsCfG7OsjuzldX:PY9Bp+bS0MIMS+WdVl/r7OiKfX

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2