General

  • Target

    6ed79dbdfae0816f51aa6dd6c86f17b3a6c1c29bdc34c97c9bdf0f9ecefe5bc0

  • Size

    2.3MB

  • Sample

    240624-2t7hnswfkf

  • MD5

    f55391b7bb78d3c37b3da1b28c2263c1

  • SHA1

    8178aa002aee3a270a60d9f97b0be30b3cf1c5ee

  • SHA256

    6ed79dbdfae0816f51aa6dd6c86f17b3a6c1c29bdc34c97c9bdf0f9ecefe5bc0

  • SHA512

    8849a6b6071917b0eb13305507cd5d74e48d66f6969186683845dbad76746896c44fb7be5da4ffa87ea5d05979d3d2f09b6087fb52a5a9a313bee87dee467ef8

  • SSDEEP

    49152:vbXTUA0rsC4xKBQbuokT7cM7uXujm8Sdb3Fg453Rm:DXTUA0rsCJQd4Y+a80b36453R

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox guests expose ACPI tables under HKLM\HARDWARE\ACPI whose OEM identifier is VBOX__; reading those keys is a cheap hypervisor check.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread called with the ThreadHideFromDebugger information class (0x11) stops the calling thread from delivering debug events, so an attached debugger no longer sees it; this is a common anti-debugging technique.
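The signatures above (VirtualBox ACPI keys, BIOS values, Wine keys, ThreadHideFromDebugger) and the extracted C2 endpoint can be turned into simple detection logic over a sandbox API trace. The block below is an added example written for this page; it is neither the sandbox's own signature engine nor code from the RisePro sample. The trace format ("<pid> <api> <target> [key=value ...]") and every log line in it are constructed for illustration, loosely modelled on what a user-mode API monitor emits; the registry paths, the 0x11 information class and the C2 address are the real values discussed on this page.

```python
"""Flag anti-analysis and C2 indicators in a sandbox API trace.

Added example for this report; not the sandbox's signature engine and not
code from the RisePro sample. The trace format is constructed:
"<pid> <api> <target> [key=value ...]", one event per line. The registry
paths and the thread information class are real Windows values; the log
lines themselves are made up.
"""
import re
from collections import defaultdict

# THREADINFOCLASS ThreadHideFromDebugger (0x11): once set on a thread, the
# kernel stops delivering its debug events, so an attached debugger goes blind.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# C2 endpoint taken from the extracted config in this report.
KNOWN_C2 = {"77.91.77.66:58709"}

# Registry locations commonly read to fingerprint VirtualBox, the BIOS and Wine.
REGISTRY_INDICATORS = [
    ("virtualbox_acpi",
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("bios_info",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios", re.I)),
    ("wine_registry",
     re.compile(r"\\Software\\Wine(\\|$)", re.I)),
]
ANTI_ANALYSIS = {"virtualbox_acpi", "bios_info", "wine_registry",
                 "hide_from_debugger"}

EVENT_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<api>\S+)\s+(?P<target>\S+)(?P<kv>(?:\s+\w+=\S+)*)\s*$"
)

# Constructed sample trace (not taken from the report). PID 1234 behaves like
# the sample described above; PID 5678 is benign noise.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW HKLM\HARDWARE\ACPI\DSDT\VBOX__ status=0xC0000034
1234 RegQueryValueExW HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion status=0x0
1234 RegOpenKeyExW HKCU\Software\Wine status=0xC0000034
1234 NtSetInformationThread 0xfffffffe class=0x11 len=0
1234 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run status=0x0
5678 NtSetInformationThread 0x1a4 class=0x9 len=8
5678 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid status=0x0
1234 connect 77.91.77.66:58709 status=0x0
"""


def parse_event(line):
    """Parse one trace line into a dict, or return None for lines we cannot read."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    kv = dict(p.split("=", 1) for p in m.group("kv").split())
    return {"pid": int(m.group("pid")), "api": m.group("api"),
            "target": m.group("target"), "args": kv}


def classify(ev):
    """Return the indicator name an event matches, or None."""
    api = ev["api"]
    if api.startswith("Reg"):
        for name, rx in REGISTRY_INDICATORS:
            if rx.search(ev["target"]):
                return name
    elif api == "NtSetInformationThread":
        try:
            info_class = int(ev["args"].get("class", "0"), 0)
        except ValueError:
            return None
        if info_class == THREAD_HIDE_FROM_DEBUGGER:
            return "hide_from_debugger"
    elif api == "connect" and ev["target"] in KNOWN_C2:
        return "c2_connect"
    return None


def scan_trace(text):
    """Map each PID to the list of (indicator, line) pairs it triggered."""
    hits = defaultdict(list)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        indicator = classify(ev)
        if indicator:
            hits[ev["pid"]].append((indicator, line.strip()))
    return dict(hits)


def verdict(hits, pid):
    """Summarise one PID. Two or more distinct anti-analysis checks, or any
    contact with a known C2, is enough to call the process suspicious."""
    kinds = {ind for ind, _ in hits.get(pid, [])}
    anti = sorted(kinds & ANTI_ANALYSIS)
    c2 = "c2_connect" in kinds
    return {"anti_analysis": anti, "c2": c2, "suspicious": len(anti) >= 2 or c2}


if __name__ == "__main__":
    found = scan_trace(SAMPLE_TRACE)
    for pid in sorted(found):
        print(pid, verdict(found, pid))
        for indicator, line in found[pid]:
            print("   ", indicator, "<-", line)
```

Note that the read itself is the signal, not its result: on bare metal the VBOX__ and Wine keys do not exist and the call returns STATUS_OBJECT_NAME_NOT_FOUND (0xC0000034), which is exactly what a legitimate program never needs to ask. The two-indicator threshold in `verdict` is an assumption for this example; a single BIOS read is common in installers and would produce false positives on its own.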
