Extracted

• • Target

    b66c0d13a7b139d4f5ee9d02ff388cd6547e451e9d8b1443e2e04a192b9cedc8

  • Size

    2.3MB

  • MD5

    6ac0dbefd7c44a0c36d4dbceb6ec38aa

  • SHA1

    6fb5aba4a18b50b048fda5ab370af137a33b33a4

  • SHA256

    b66c0d13a7b139d4f5ee9d02ff388cd6547e451e9d8b1443e2e04a192b9cedc8

  • SHA512

    60e2851b98e37bc3c2c8af5b4a35bec10b45a4e3dbaa9ae55b567758657f1aeb05c277567093ca371c3b540c35a013441671334ca9501275aee5aa5a08ecc341

  • SSDEEP

    49152:9pekbu+Wir5AKsOvXE5/S4Bi+tAdui5E//a5u/N4rzXiFw8bOQMP:9pvKysOr0iJdut/cu+rLF8bO

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2