Extracted

• • Target

    cab91ce7dc5c3dfa58c561d625b79060d8c3db8c8c8f43cc136dfc7cbdff38a8

  • Size

    2.3MB

  • MD5

    0c06e63b1366dc6fd367141e042d21a6

  • SHA1

    9e5b35e5a55fe806160c8952ea31ab0bc9b40259

  • SHA256

    cab91ce7dc5c3dfa58c561d625b79060d8c3db8c8c8f43cc136dfc7cbdff38a8

  • SHA512

    8dabcc92441bf3907d2c713b19abf9a335b43d8c3fdab7646543745aeb73e26e5048cac1cfc4d4026f0283b417776d534f900b1c294ea591f5439ee3421c9e8c

  • SSDEEP

    49152:HNyMkyEgqNWHJ6l8xgjSqyKDzk2U45hzZLvvD2CpUhvvZFiecxSkBE:H4MkyXqNoJIFPy4zZhtLvvBpU9LQBE

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2