Extracted

• • Target

    1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

  • Size

    2.4MB

  • MD5

    1d0710fba5166efb658d3d3907176d8b

  • SHA1

    ab4a279bdbd13e7ca844463b360cc5ca37ebb522

  • SHA256

    1c00b1b0437e537733dcc3c048a59ba3a373f4ab30a97fab21e20501fd081d15

  • SHA512

    6ceadca1f68b3ee4871e920a9389a43ec133935337e87a60f57a0726fcccf6ce33a31554714fa93f86005042f2b22a493bcd54646eb5923bd8b4034649ff05ae

  • SSDEEP

    49152:P7uCtkIH2S+UsCCrSRvDJTVG/bYX2LCNuZoDvZ85MG28Vn:PSIuUsCC2FDJTiq2NZqz8V

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2