Extracted

• • Target

    17ea5facb9c79357269348b19b95e83bab36c367b26dc1ad0f7639ee547002dd

  • Size

    2.3MB

  • MD5

    904f75daa93fd4309898863f56a4e984

  • SHA1

    d28454c3d875ad4b353a0f9644969ac21bad99bf

  • SHA256

    17ea5facb9c79357269348b19b95e83bab36c367b26dc1ad0f7639ee547002dd

  • SHA512

    9327a1208e4af49914ccfb0dfa93bef03cadbb4fe3e3c5cd9978278ce4fb99025571b691d7c89f56c873c13f7d3bbda1970ffb3da1714d53d2f825630c7d29c2

  • SSDEEP

    49152:7fUd1fQWTpyFeQEvc1Bii6tjzQukbhXpeXrlJ31ZXf73Ep:r8QWTpyLXqi6AbvQrlV1hT3Ep

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2