General

  • Target: 4010589c9888f0aaf7faad27a90529b2e302196d3e91cda0274a3e94dcf3e956

  • Size: 2.3MB

  • Sample: 240622-g7t5aavdpp

  • MD5: 37737731acfb136027d2ce2fb2091a3a

  • SHA1: c1355b77f0b9c56a07a213f867d4fce53880a5d8

  • SHA256: 4010589c9888f0aaf7faad27a90529b2e302196d3e91cda0274a3e94dcf3e956

  • SHA512: 706eab79670c80e8a6129304a42774ec103cdd1f2bb2fd86d88bfd312d32f543f29c5c7531505947291acd9bf03c16591feaa0988d9883c12193a74831f050bd

  • SSDEEP: 49152:RKCrIglQ1KfZbK4qQTyj0Uzrdm5Gq6UGWX0TWW9HCIQzLX8+aO:RKKIgOgdKlV0wmr6UGs0TW8H4zLs1O

Score
10/10

Malware Config

Extracted

  • Family: risepro

  • C2: 77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
