Extracted

• • Target

    531685613d125dd26a39d130b68462cff67e918bbd3e5a3db99b39ef5239818d

  • Size

    2.3MB

  • MD5

    64468eae17c3452d9b97ead97cb91e1c

  • SHA1

    9fc64c304486d27b628801a2fabace7d35e5179b

  • SHA256

    531685613d125dd26a39d130b68462cff67e918bbd3e5a3db99b39ef5239818d

  • SHA512

    f0a0009d1b9117d4fa49d7cbb45e525fb6a971672bcd33a3f6bc25f7fafecbdb2a66233ac7dfec413c7f57b4c67c1a7dabc0719b33de220e6ab241ec501e2af1

  • SSDEEP

    49152:vB1JHpEiBBgur6NpA0w7Opaq7GVMBQH7tM7+4k6gHp49s2Bf9sF5AmFgUVe+wt:PJHpDB7ukTK7GVr7tIk5NAKE+w

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2