Extracted

• • Target

    43d11fb6ecff5fdab2c8cbea54d68dca891f7997b1e16570e11eabf1c69ed5b6

  • Size

    2.3MB

  • MD5

    56218bec9152fc93c4e9ced43aecea0f

  • SHA1

    2ae14d36affbc2f74806f41f3dfdb979a323eadd

  • SHA256

    43d11fb6ecff5fdab2c8cbea54d68dca891f7997b1e16570e11eabf1c69ed5b6

  • SHA512

    425e06544ce35755eeba7f9cbdf184f544ecfe78b85fd17d0e02dc74f960a7d5a262f60e83a4f2dd28a2a76c084251e53a61ede457a58d7c04ee94c0f7d1df16

  • SSDEEP

    49152:39OSsL5SmhAItDsPq4eQ/mgcfJcGCazK7jwt5HePOiS+A7IWNXPE5V00JW5:Nq5Smh4qlQ/mRIsK+HDiS+A0WW5X

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2