General

  • Target

    10459b4b1736997fad833eaea04579b9a4685a815b9fd4065db4104a458101be

  • Size

    2.4MB

  • Sample

    240622-svf8fasfjc

  • MD5

    c314a01a8b07bc3cc3ad1637c28980b1

  • SHA1

    2ec60c1241c033890041778bacb4b1555bfabed1

  • SHA256

    10459b4b1736997fad833eaea04579b9a4685a815b9fd4065db4104a458101be

  • SHA512

    d0a93ac8c79a11662d1cea3478cb09e9d2676af15928b373921b1c6f91c9b3e995f58e73535c4ee6bdfb2db44ba4be15a911498a66ca85e06720389d42349d27

  • SSDEEP

    49152:jHdo7X73uH9Fe3GUfkFNIdJvJEEm+YA/G4wnbdvH6SEPgxOxgpolpSYv:zMX73udEaKJvJGsGtZiDuolpx

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks