General

  • Target

    8eaa1b96923147e8312ef1e6d1c7353198c20a0a54eb818d893b9d780f067329

  • Size

    2.3MB

  • Sample

    240623-l12yrsyalb

  • MD5

    05acbcbb5482971c9164657bcca02cbf

  • SHA1

    4e4a0311f33e8c565e7513162c93f3caa56d19cd

  • SHA256

    8eaa1b96923147e8312ef1e6d1c7353198c20a0a54eb818d893b9d780f067329

  • SHA512

    379572cb5300ec68ca5167d89c7c87832d1fe4fd32c89ce4b54c633ac2c7325edbd32755e6ad017f40d1e0c3fd96dbbc02c83bd840ac22f2da3aa7d451b601db

  • SSDEEP

    49152:EU39/bd72gpfXE2tdmAme/XwVIoonjQnvI:EU3R4g1pzPmSgWoonjQnQ

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • Target

      8eaa1b96923147e8312ef1e6d1c7353198c20a0a54eb818d893b9d780f067329

    • Size

      2.3MB

    • MD5

      05acbcbb5482971c9164657bcca02cbf

    • SHA1

      4e4a0311f33e8c565e7513162c93f3caa56d19cd

    • SHA256

      8eaa1b96923147e8312ef1e6d1c7353198c20a0a54eb818d893b9d780f067329

    • SHA512

      379572cb5300ec68ca5167d89c7c87832d1fe4fd32c89ce4b54c633ac2c7325edbd32755e6ad017f40d1e0c3fd96dbbc02c83bd840ac22f2da3aa7d451b601db

    • SSDEEP

      49152:EU39/bd72gpfXE2tdmAme/XwVIoonjQnvI:EU3R4g1pzPmSgWoonjQnQ

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox publishes its identity in the guest's ACPI tables, which Windows mirrors under HKLM\HARDWARE\ACPI (table names such as VBOX__); reading those keys is a common hypervisor check.

    • Checks BIOS information in registry

      BIOS vendor and version strings (HKLM\HARDWARE\DESCRIPTION\System and its BIOS subkey) are often read in order to detect virtual machines and sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, a common anti-debugging technique.
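The four behavioural signatures above, plus the extracted C2 endpoint, can be reproduced as a small trace matcher. The following is an added example and is not the sandbox's own rule engine or code from the sample: the `kind|field|field` event-line format, the exact registry paths keyed on, and the trace itself are constructed assumptions (the report names the signatures but does not list the keys the sample read).

```python
"""Replay constructed sandbox events against the RisePro signatures above.

Added example, not the sandbox's rule engine. Event lines are of the form
    reg|<registry path>|<value name>
    api|<function>|<arg0>|<arg1>|...
    net|<host>|<port>
"""
import re

# Extracted config from this report.
C2_HOST, C2_PORT = "77.91.77.66", 58709

# NtSetInformationThread information class that hides a thread from a debugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumption: these are the usual registry locations behind each signature;
# the report itself does not list the exact keys read by the sample.
REG_RULES = {
    "Identifies VirtualBox via ACPI registry values": re.compile(
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry": re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System(\\BIOS)?$", re.I),
    "Identifies Wine through registry keys": re.compile(
        r"^HK(CU|LM)\\Software\\Wine(\\|$)", re.I),
}

# Constructed trace (not taken from the report): a mix of hits and benign noise.
SAMPLE_TRACE = [
    r"reg|HKLM\HARDWARE\ACPI\DSDT\VBOX__|",
    r"reg|HKLM\HARDWARE\DESCRIPTION\System|SystemBiosVersion",
    r"reg|HKLM\HARDWARE\DESCRIPTION\System\BIOS|BIOSVendor",
    r"reg|HKCU\Software\Wine|",
    r"reg|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|",
    r"api|NtSetInformationThread|0xffffffff|0x11|0|0",
    r"api|NtSetInformationThread|0xffffffff|0x9|0x1c|0x8",
    r"net|77.91.77.66|58709",
    r"net|8.8.8.8|53",
]


def match_event(line):
    """Return the list of signature names triggered by one event line."""
    kind, *fields = line.strip().split("|")
    if not fields:
        return []
    hits = []
    if kind == "reg":
        path = fields[0]
        for name, pattern in REG_RULES.items():
            if pattern.search(path):
                hits.append(name)
    elif kind == "api":
        func, args = fields[0], fields[1:]
        # ThreadInformationClass is the second argument (handle, class, buf, len).
        if (func == "NtSetInformationThread" and len(args) >= 2
                and int(args[1], 0) == THREAD_HIDE_FROM_DEBUGGER):
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    elif kind == "net":
        host, port = fields[0], int(fields[1])
        if (host, port) == (C2_HOST, C2_PORT):
            hits.append("Connects to extracted RisePro C2")
    return hits


def score_trace(lines):
    """Aggregate hits over a whole trace: {signature name: hit count}."""
    counts = {}
    for line in lines:
        for name in match_event(line):
            counts[name] = counts.get(name, 0) + 1
    return counts


if __name__ == "__main__":
    for name, n in score_trace(SAMPLE_TRACE).items():
        print(f"{n:2d}  {name}")
```

The anti-debug check keys on the information class rather than the exported name because the sample reaches it through the native `NtSetInformationThread` call; a matcher that only looks for a wrapper name would miss it. The benign `Run` key and the port-53 connection are there to show that the rules do not fire on ordinary activity.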

MITRE ATT&CK Enterprise v15

Tasks