General

  • Target

    f6d987a3cadf39f6f71cf2fd4b105a8f7bb67350bee216a204fa8e7edd4cb9eb

  • Size

    2.3MB

  • Sample

    240625-nlx3daxane

  • MD5

    14a378d3fd8cbb0acc24e450fb6a211a

  • SHA1

    b146666563567cca6bc0e2663bb5e700ece81b79

  • SHA256

    f6d987a3cadf39f6f71cf2fd4b105a8f7bb67350bee216a204fa8e7edd4cb9eb

  • SHA512

    53aba584a7579d69cf17e3eb2156509743a065c057d6cd635e662fbd890541960244ff43f11cd682306e8a60621d9c27ca2543f740edb8e919c15358fd1df503

  • SSDEEP

    49152:Yrv+dphKVuiYq53pOvmo5FJ50FPIaohjJHXcK4HB0WWXE9G0qJc:Yr0EVSuovm+J50FBohkboc

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709
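The extracted config above gives two things a defender can act on immediately: the file hashes and the C2 endpoint. The following is an added example (not code from the sandbox report) that hunts for both: it computes the same digests the report lists, scans Zeek-style conn.log lines for traffic to the C2, and emits a Suricata rule for the endpoint. The hashes, C2 address and report id are copied from this page; the conn.log lines, the assumed column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), the "ip_only" heuristic for other ports on the same host, and the rule sid are constructed for illustration.

```python
"""Hunt for this report's RisePro indicators in connection logs and file hashes.

Added example, not code from the sandbox report. The hashes, C2 endpoint and
report id are copied from the report; the conn.log lines and the rule sid are
constructed for illustration.
"""
import hashlib

REPORT_ID = "240625-nlx3daxane"
IOC_HASHES = {
    "md5": "14a378d3fd8cbb0acc24e450fb6a211a",
    "sha1": "b146666563567cca6bc0e2663bb5e700ece81b79",
    "sha256": "f6d987a3cadf39f6f71cf2fd4b105a8f7bb67350bee216a204fa8e7edd4cb9eb",
}
C2_IP, C2_PORT = "77.91.77.66", 58709


def file_hashes(data: bytes) -> dict:
    """Compute the same three digests the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only if all three digests agree with the report; checking all three
    rather than one catches a mistyped hash in the IOC list."""
    return file_hashes(data) == IOC_HASHES


def find_c2_connections(conn_log_lines):
    """Scan Zeek-style conn.log lines (tab-separated: ts, uid, id.orig_h,
    id.orig_p, id.resp_h, id.resp_p, proto) for traffic to the extracted C2.

    A hit on the exact ip:port is labelled 'exact'. Traffic to the C2 host on any
    other port is still reported, as 'ip_only', because the port is a per-build
    config value and may differ in related samples (heuristic, not from the report).
    """
    hits = []
    for line in conn_log_lines:
        if not line or line.startswith("#"):
            continue  # Zeek header/comment lines
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != C2_IP:
            continue
        hits.append({
            "ts": ts,
            "uid": uid,
            "src": orig_h,
            "dst_port": int(resp_p),
            "match": "exact" if int(resp_p) == C2_PORT else "ip_only",
        })
    return hits


def suricata_rule(sid: int) -> str:
    """Emit a Suricata rule for the exact C2 endpoint; the caller picks a sid
    from their local range."""
    return (
        f"alert tcp $HOME_NET any -> {C2_IP} {C2_PORT} "
        f'(msg:"RisePro C2 beacon (sandbox report {REPORT_ID})"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed conn.log excerpt (not from the report): one benign HTTPS flow,
# one beacon to the extracted C2, one flow to the C2 host on a different port.
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1719312000.1\tCabc1\t10.0.0.12\t49812\t142.250.72.14\t443\ttcp",
    "1719312001.4\tCabc2\t10.0.0.12\t49813\t77.91.77.66\t58709\ttcp",
    "1719312005.9\tCabc3\t10.0.0.31\t51003\t77.91.77.66\t80\ttcp",
]

if __name__ == "__main__":
    for hit in find_c2_connections(CONN_LOG):
        print(hit)
    print(suricata_rule(1000001))
```

Run it against a real conn.log by reading the file line by line into find_c2_connections; matches_report_sample takes a file's bytes, so it is useful for confirming that a quarantined file is this exact sample before pivoting to the wider hunt.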

Targets

    • Target

      f6d987a3cadf39f6f71cf2fd4b105a8f7bb67350bee216a204fa8e7edd4cb9eb

    • Size

      2.3MB

    • MD5

      14a378d3fd8cbb0acc24e450fb6a211a

    • SHA1

      b146666563567cca6bc0e2663bb5e700ece81b79

    • SHA256

      f6d987a3cadf39f6f71cf2fd4b105a8f7bb67350bee216a204fa8e7edd4cb9eb

    • SHA512

      53aba584a7579d69cf17e3eb2156509743a065c057d6cd635e662fbd890541960244ff43f11cd682306e8a60621d9c27ca2543f740edb8e919c15358fd1df503

    • SSDEEP

      49152:Yrv+dphKVuiYq53pOvmo5FJ50FPIaohjJHXcK4HB0WWXE9G0qJc:Yr0EVSuovm+J50FBohkboc

    Score
    10/10
    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) detaches the calling thread from any attached debugger, so exceptions and breakpoints raised in that thread are no longer reported to it; this is a common anti-debugging step.
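The three registry checks above decide whether the sample runs at all, so an analyst wants to know whether their own VM would fail them before detonating it. The following is an added example (not code from the sandbox report) that applies those checks to a registry dump and, on Windows, to the live registry. The report names the behaviours but not the exact registry paths the sample reads; the paths, the BIOS vendor marker strings, and the Wine key locations are the ones such checks conventionally use and are an assumption here, as are the two constructed registry dumps.

```python
"""Check whether an analysis VM exposes the registry artifacts this sample looks for.

Added example, not code from the sandbox report. The report names the behaviours
(VirtualBox ACPI values, BIOS strings, Wine keys) but not the registry paths the
sample reads; the paths and marker strings below are the ones such checks
conventionally use and are an assumption. The registry dumps are constructed.
"""
import re
import sys

# VirtualBox stamps its OEM id into the ACPI tables, which Windows mirrors as
# subkeys under HKLM\HARDWARE\ACPI; their mere presence identifies the hypervisor.
VBOX_ACPI_KEYS = (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)
# BIOS strings Windows records at boot; hypervisor vendor names appear verbatim.
BIOS_VALUES = (
    r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)
BIOS_MARKERS = re.compile(r"VBOX|VIRTUALBOX|VMWARE|QEMU|BOCHS|PARALLELS", re.I)
# Wine creates these keys on first run; a real Windows install never has them.
WINE_KEYS = (r"HKCU\Software\Wine", r"HKLM\Software\Wine")


def parse_reg_dump(text):
    """Parse a minimal .reg-style dump ([key] headers, "name"="data" lines,
    HKLM/HKCU abbreviations) into {key: {value_name: data}}."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
        elif key is not None and "=" in line:
            name, _, data = line.partition("=")
            reg[key][name.strip().strip('"')] = data.strip().strip('"')
    return reg


def detect_virtualbox_acpi(reg):
    return [k for k in VBOX_ACPI_KEYS if k in reg]


def detect_bios_markers(reg):
    found = []
    for path in BIOS_VALUES:
        key, _, name = path.rpartition("\\")
        data = reg.get(key, {}).get(name)
        if data and BIOS_MARKERS.search(data):
            found.append((path, data))
    return found


def detect_wine(reg):
    return [k for k in WINE_KEYS if k in reg]


def evaluate(reg):
    """What the sample's three registry checks would find on this host."""
    return {"virtualbox_acpi": detect_virtualbox_acpi(reg),
            "bios": detect_bios_markers(reg),
            "wine": detect_wine(reg)}


def is_flagged(reg):
    """True if any check fires, i.e. the sample would likely refuse to run here."""
    return any(evaluate(reg).values())


def snapshot_live_registry():
    """On Windows, read the same keys from the live registry into the dump format
    the detectors consume; returns None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    reg = {}
    for path in VBOX_ACPI_KEYS + WINE_KEYS:
        hive, _, sub = path.partition("\\")
        try:
            winreg.CloseKey(winreg.OpenKey(hives[hive], sub))
            reg[path] = {}  # existence is all the check needs
        except OSError:
            pass
    for path in BIOS_VALUES:
        hive, _, rest = path.partition("\\")
        sub, _, name = rest.rpartition("\\")
        try:
            with winreg.OpenKey(hives[hive], sub) as k:
                data, _ = winreg.QueryValueEx(k, name)
        except OSError:
            continue
        if isinstance(data, list):  # REG_MULTI_SZ comes back as a list of strings
            data = " ".join(data)
        reg.setdefault(hive + "\\" + sub, {})[name] = str(data)
    return reg


# Constructed dumps (not from the report): a stock VirtualBox guest and a physical host.
VBOX_GUEST_DUMP = r"""
[HKLM\HARDWARE\ACPI\DSDT\VBOX__]
[HKLM\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"="VBOX   - 1"
"VideoBiosVersion"="Oracle VM VirtualBox Version 7.0.14 VBE BIOS"
"""
CLEAN_HOST_DUMP = r"""
[HKLM\HARDWARE\ACPI\DSDT\DELL__]
[HKLM\HARDWARE\DESCRIPTION\System]
"SystemBiosVersion"="DELL   - 1072009"
"VideoBiosVersion"="Hardware Version 0.0"
"""

if __name__ == "__main__":
    live = snapshot_live_registry()
    print(evaluate(live if live is not None else parse_reg_dump(VBOX_GUEST_DUMP)))
```

On a stock VirtualBox guest the ACPI and BIOS checks both fire; the usual hardening is to patch the DSDT/FADT/RSDT OEM strings and the SMBIOS/VBE BIOS strings through VBoxManage setextradata so that neither the ACPI subkeys nor the vendor markers are present, then rerun this script until is_flagged is False. The ThreadHideFromDebugger call is a separate concern and is not covered by a registry check; it only matters when a debugger is attached.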

MITRE ATT&CK Enterprise v15
