Extracted

• • Target

    44985c817fc1d5e15d738eba77c18e70134a9dc5186aa6c9dee7937773b88f13

  • Size

    2.4MB

  • MD5

    cf463622678f6dc2156a3307b440f0d3

  • SHA1

    acb17306a635957fb0cf5a777d0436967b177aa2

  • SHA256

    44985c817fc1d5e15d738eba77c18e70134a9dc5186aa6c9dee7937773b88f13

  • SHA512

    db865524fc61a95666307fca195ed6c0594bb5ec551619016e4e210a8c7c4a45037a9c1c302940980838393bd7c04b54af8b287149b6d9f18df6fb5ebbed7738

  • SSDEEP

    49152:8RXeyWoNZw+datVc/LZXaAIjC0iUWg+o2jTI1vUKFHwPEc+gkAFs:gXe5UatVcIizho31vUKFHwPlY

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2