Extracted

• • Target

    4c993f1a19b4ad0f70c6a2382a10108c05019288e0189d1a662666ee6093d8bc

  • Size

    2.3MB

  • MD5

    ba1a9ff56ec9bee5ac8b4d7ac695df8d

  • SHA1

    40b9395e33f2986358ab9ccc5e9776fe80406abe

  • SHA256

    4c993f1a19b4ad0f70c6a2382a10108c05019288e0189d1a662666ee6093d8bc

  • SHA512

    2347a19ae862c7f2780a9478a094853e6fbe6f30548a357a07e9d6304d5688fea469dd3b037b670d19d41fa2f298af86734d4b709e0b68699a111c40a45c9822

  • SSDEEP

    49152:1+M6OYMmGkBebcFLb9PvGebkD9I4PtzMgAw3dPOWNSZ9E0X5A:hVmGRsALJJPNMJwNGK8E0

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2