Extracted

• • Target

    ad3f64701bbd3a5a767ac4f22ac868096fef5409b095db6c408dc1db7c4f2434

  • Size

    2.3MB

  • MD5

    c02bb8ce4d4af28a5c26b7102a36ff18

  • SHA1

    9f88b6b4c07ffe160fac0ebd25bce022b7bd5c70

  • SHA256

    ad3f64701bbd3a5a767ac4f22ac868096fef5409b095db6c408dc1db7c4f2434

  • SHA512

    8229e6370ba7d3670f9f354de061254ba152dfb581bb48ccf64f5650e557dbbd1b37bcaa2e56acecba55a0fea7c21ec47aa243d54950818b9285d54fbfb9e328

  • SSDEEP

    49152:if4xMeD22mOGgF9bO8NiCWvRBK5i9fwKQqBreQmeycdgu4ThXpS:Y4xeoGg22l5i9fwSB6nLu4T

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2