General

  • Target

    48e4cb62fb5f994fb229e18f3f237d3a55cf84ae3934908b34a58cba1fdbaa4c

  • Size

    2.4MB

  • Sample

    240623-fm311s1aqa

  • MD5

    4793141479e5bf1b051e4ee32644c502

  • SHA1

    efc700b401b6dfa0facf9836f6a16f35ddcc0690

  • SHA256

    48e4cb62fb5f994fb229e18f3f237d3a55cf84ae3934908b34a58cba1fdbaa4c

  • SHA512

    a077f404ac1fcd80c6169aa64d33b18a96ea8d0196d9d109cae8bb5da2a698d8683a9e6168ec502d1d203af2af69fb4a2a41a62375e173cc95ef05893595ae84

  • SSDEEP

    49152:Zwoj6/2W304PyHoVkkJldSfWQbQ6zHFteN61FOcu9Q8AoH0vA2onSR:e9/2WlnJlAr1l43U8CWS

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro is an information stealer; the family has been observed being distributed by the PrivateLoader pay-per-install loader. The extracted configuration above gives this sample's C2 endpoint (77.91.77.66:58709).

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox firmware reports the OEM ID "VBOX__" in its ACPI tables, which Windows exposes as registry subkeys such as HKLM\HARDWARE\ACPI\DSDT\VBOX__ (and the same name under FADT and RSDT). Reading these keys reveals the hypervisor without executing any privileged instruction, which is why the check is classed as anti-VM.

    • Checks BIOS information in registry

      Values under HKLM\HARDWARE\DESCRIPTION\System (for example SystemBiosVersion and VideoBiosVersion) and its BIOS subkey (SystemManufacturer, SystemProductName) carry vendor strings such as "VBOX", "innotek GmbH", "VMware" or "QEMU" on an unmodified VM, so BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer that runs Windows applications on other operating systems and is used by some sandboxes. It populates HKCU\Software\Wine, a key that does not exist on a real Windows installation, so its presence is a cheap sandbox tell.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread marked this way stops delivering debug events to an attached debugger, so breakpoints and exceptions in it go unnoticed. Outside packers and commercial protectors the call has no ordinary use, which makes it a reliable anti-debugging indicator.
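As an added example (not part of the sandbox report and not code from the RisePro sample), the following PowerShell script enumerates, from inside an analysis VM, the registry artefacts that the VirtualBox-ACPI, BIOS and Wine signatures above rely on, so an operator can see which tells a sample like this one would find. The key paths are the well-known locations these checks read; the exact queries the sample issues are not reproduced in the report, so the value names and the vendor-string pattern are assumptions. The HKLM Wine location is an extra, assumed check and is harmless when absent.

```powershell
# Added example: list VM/sandbox registry artefacts that anti-analysis
# checks of the kind described above look for. Not the sample's own code;
# key names and the vendor pattern are assumptions based on well-known
# locations, not on the report.

$findings = New-Object System.Collections.Generic.List[string]

# 1. VirtualBox ACPI tables: the OEM ID "VBOX__" surfaces as a subkey
#    under each table name in HKLM\HARDWARE\ACPI.
foreach ($table in 'DSDT', 'FADT', 'RSDT') {
    $key = "HKLM:\HARDWARE\ACPI\$table"
    if (Test-Path -Path $key) {
        foreach ($sub in Get-ChildItem -Path $key -ErrorAction SilentlyContinue) {
            if ($sub.PSChildName -like 'VBOX*') {
                $findings.Add("VirtualBox ACPI table: $($sub.Name)")
            }
        }
    }
}

# 2. BIOS / system description strings. The pattern lists vendor tokens
#    typical of hypervisors; extend it for your own lab platform.
$vmPattern = 'VBOX|VIRTUALBOX|INNOTEK|VMWARE|QEMU|BOCHS|XEN|HYPER-V|VIRTUAL'
$sysKey  = 'HKLM:\HARDWARE\DESCRIPTION\System'
$sys     = Get-ItemProperty -Path $sysKey -ErrorAction SilentlyContinue
$biosKey = Get-ItemProperty -Path "$sysKey\BIOS" -ErrorAction SilentlyContinue
$checks  = @(
    @{ Source = $sys;     Names = 'SystemBiosVersion', 'VideoBiosVersion' },
    @{ Source = $biosKey; Names = 'SystemManufacturer', 'SystemProductName', 'BIOSVendor', 'BIOSVersion' }
)
foreach ($c in $checks) {
    foreach ($name in $c.Names) {
        # REG_MULTI_SZ values come back as arrays; string interpolation
        # joins the elements so the regex sees all of them.
        $value = "$($c.Source.$name)"
        if ($value -match $vmPattern) {
            $findings.Add("BIOS string ${name}: $value")
        }
    }
}

# 3. Wine registry tree. HKCU\Software\Wine is the documented location;
#    the HKLM path is an extra, assumed check.
foreach ($wineKey in 'HKCU:\Software\Wine', 'HKLM:\Software\Wine') {
    if (Test-Path -Path $wineKey) {
        $findings.Add("Wine registry key present: $wineKey")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No VM/sandbox registry artefacts found at the checked locations.'
} else {
    foreach ($f in $findings) { Write-Output "[!] $f" }
}
```

The keys under HKLM\HARDWARE are readable without elevation, so the script runs in an ordinary PowerShell session. Each finding is something this sample, or any malware with the same checks, could use to refuse to run; for VirtualBox the DMI strings can be changed with VBoxManage setextradata on the VBoxInternal/Devices/pcbios/0/Config/Dmi* keys, while the ACPI OEM ID and the Wine keys need the guest image or hypervisor configuration itself adjusted.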

MITRE ATT&CK Enterprise v15
