Extracted

• • Target

    117ee89fe4e4984b1df937bd4fda59f5d48a8dd3f4fd376320e87f33eaae890e

  • Size

    2.4MB

  • MD5

    2a389581ffb43883ecbce86ae5b4d95e

  • SHA1

    c7bd50ee569f3321d5c57d1de86ec5109051d25e

  • SHA256

    117ee89fe4e4984b1df937bd4fda59f5d48a8dd3f4fd376320e87f33eaae890e

  • SHA512

    f5250609d5a4405288cb9efeaf77c11f7170376ae6fa898f70fffba21db11d07d98cdad98e1c8d2461b719dd5a4896c2886a46238b2cf939b2e7a1afb773e223

  • SSDEEP

    49152:bY0gEGgNrzIMqkmayIEtJvBvIb+tk4PEZ7Vlta:U0gEfNgMeayRrvk+tk4PIv

  Score

  10^/10

  evasionriseprostealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2