General

  • Target

    c787fb8f17830503b892b5ae3d70944ab3192f4cf65c54a93401b48a96e9101c

  • Size

    2.3MB

  • Sample

    240626-wezavsvgjg

  • MD5

    a635f5cf850d435eb5574a3787ad95ba

  • SHA1

    321b9199e4247a963b3e9527fcdfc59d130652b6

  • SHA256

    c787fb8f17830503b892b5ae3d70944ab3192f4cf65c54a93401b48a96e9101c

  • SHA512

    a8634545c8c7a565b9782fb97449a38525f11fc150c8cd01f5c858acd4e937e45e1240e19de82ee8179ae0aaa825af93520f29b4876e79fb230a70ba4fd0ee39

  • SSDEEP

    49152:lQ0BxTIn9x+dwEZsN4lGSmYf9zy3+q203mAlk2zadA2t:698dwEZs6lr9uP53XlD+d1

Score
10/10

Malware Config

Extracted

Family

risepro

C2

77.91.77.66:58709

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
