Extracted

• • Target

    f36b4a6d12fd302091f6971dd4e828f2b720e2defc3c3e486bbbc57c2a3b2ca3

  • Size

    2.4MB

  • MD5

    dca4eedca4c6b70b2076233fd721efb2

  • SHA1

    0ce805af50732d5913d03ca61fc991baf775bd01

  • SHA256

    f36b4a6d12fd302091f6971dd4e828f2b720e2defc3c3e486bbbc57c2a3b2ca3

  • SHA512

    03042328ea71a5e6045e08634cc510f25123755fdf1fe98322aa54002739d0bc137fb32695084fe01b6684fb3debe009d87e368b90919105ded5b9d71c630762

  • SSDEEP

    49152:pcXfejsFk8/Qjl8JyqQIfJIyI9kBgFIeJ9sxp1J+WOjh6ECY/A:pI6sWcfJySJI8AsVUWOjhQ8A

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2