Extracted

• • Target

    0c06b3f49e17c1536db26c16bea62d6bb4124f792ca627cfdec2aaab48ae74ff

  • Size

    2.3MB

  • MD5

    54b62d75c6ff1145f8a42646e7912e76

  • SHA1

    625966f468f9d02b27d1e7b1b04b3adaa83a9502

  • SHA256

    0c06b3f49e17c1536db26c16bea62d6bb4124f792ca627cfdec2aaab48ae74ff

  • SHA512

    2f010044108d9a558e9e69deba57209a3f93fce9bde4ac9242e09e242fa0c9d5cdda925a5590c5778f20dd3acd142c3d60883c7b220ac2168febec7d00a0da09

  • SSDEEP

    49152:NUeBYrA+Po+FUgJ7op/lzk0E5Qu8KF5Qp9av90MrcWf8eykRoL:imt0UgOp/lzo5Qu8KF5Qp9+9PrTWL

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2