General

  • Target

    49eb60f0712535eb104a1298b9a4c0a9398057b02bbf98a94cfe361531990d4b

  • Size

    2.3MB

  • Sample

    240626-q5c8eszfll

  • MD5

    32215861dbf7883eee14fc8b71a4deb7

  • SHA1

    5e69806bb072a5cd06432d68c4e3d1070f21132e

  • SHA256

    49eb60f0712535eb104a1298b9a4c0a9398057b02bbf98a94cfe361531990d4b

  • SHA512

    76e126993856c1aeb853090515b8a6075e3f998c1b6158c0e57c5929afcb880e0d5623dde3d4bc79bfafbb822c4fcb1ac649be28f7b7ef0f20ed3c3011f04cbe

  • SSDEEP

    49152:sOzn4DxXfud1BPVC2HrFSYIrzlTagkbEuH27nmZETEiMh:XkDJuNlHurzQ44onmZETE1

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
