Extracted

• • Target

    0c3343ec91e9340ffe06a413aedac59560be1b695b7ffbda8df1be9610d2e6c1

  • Size

    2.3MB

  • MD5

    c17ec04f7484d3cc1c31fcef49ed01e1

  • SHA1

    195067cbab1212d88a70e0675be119cb7a622491

  • SHA256

    0c3343ec91e9340ffe06a413aedac59560be1b695b7ffbda8df1be9610d2e6c1

  • SHA512

    dfdde0de87dd8bf6190c2a029ff222272f11c16fd18a87bb0f5ac87a961d8ad34dae043ce3b712834fcfbc79fd28ff8e07de52c2a1745051ae90f9a4acd4ef93

  • SSDEEP

    49152:pOiTYC4x5vK6YnOUH7LYMJUDpPCh8rg7vCuYGydZYxMnmWC:pRUC4xR0YMJWV1rg7vCuYG+Z1N

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2