Extracted

• • Target

    a0c7887947f74e96b5ead5f118a1983d5ef832c5c1bb28f5c687280d643c909c

  • Size

    2.3MB

  • MD5

    06d91f9f90d2f1114149c2c1d147a119

  • SHA1

    ab867b58b6866f926a684ce5c6cac254578aace7

  • SHA256

    a0c7887947f74e96b5ead5f118a1983d5ef832c5c1bb28f5c687280d643c909c

  • SHA512

    903a5adc5a4460e6c4aa4d6009629429d0fa70b9f2864b1255f3018fc5df046695c4ef7e7ae6ab8c6baf9d58a457d5914c98e3e45aebb6b95f631b41b0e9ea9c

  • SSDEEP

    49152:LMiW8sLWvuR/6zcd94NWkUMOROZg5mbFIpBunBb:4iW2vuMMqZGIFIO

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2