General

  • Target

    940795eafa8946bc3ebc2f7343091d369f3bef6acf32837cf977ffc27d14351f

  • Size

    2.3MB

  • Sample

    240625-pm6xcazclf

  • MD5

    1d23c3d48a24165ff369ad7587ada701

  • SHA1

    d040a42bc63e35d2086bcdf24950da2c9d963279

  • SHA256

    940795eafa8946bc3ebc2f7343091d369f3bef6acf32837cf977ffc27d14351f

  • SHA512

    46f8732365ab2a95a5002d29f7c5dabe92e5209c59bac6f5730237b7b2fe686347899f1f9116e5b66b85490c59f2327b4140defec578a28e001cb2dc579b5733

  • SSDEEP

    49152:ACEUvzXaq442/5B/GJku4EJhC4ZVfi4naiHvHTir:A7UvuX4y5B/kLhr7JawvH

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks