Extracted

• • Target

    bd4211a6c3b196508c720cb7d3e976eae0728f6c8f87f2f86334649cab22c512

  • Size

    2.3MB

  • MD5

    aa9183e7f7f375d156da6277ec54affe

  • SHA1

    98f383bae7157063c482faaff27bc17bb6200e23

  • SHA256

    bd4211a6c3b196508c720cb7d3e976eae0728f6c8f87f2f86334649cab22c512

  • SHA512

    a8dd15dc99c4020a56d06f0bc43f7514baffeffe161e4f7b08056be3e4e37807d48c829c04c3dd4be4d8c0d03c529470eac89585c1286487f91efa33a9234776

  • SSDEEP

    49152:bFNFmXSBANeKWcDDf1dU3/T4OsZNaXSat473zsGmTcw7Rl0AG+JlVRmNQU7v:bDMiBAN8cD7KT2ZASat4TzGje+JPcB

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2