Extracted

• • Target

    459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7

  • Size

    2.3MB

  • MD5

    e97a92bda3e0fa17352c15cceb5c5dd9

  • SHA1

    62ade664c0dc9c774995684e23cf49eaeaf23165

  • SHA256

    459f47d3aa8001b8151726c7e74848d949006a62945915c2a1dcadd02a29b8a7

  • SHA512

    2adec5ed0a453c6ab45cecb72d269d48fcca54fd5edc41f1414d3cebb83bca5fd19bf6a66f2635df1f9d451a044ebc900a5034d8691531d4db7c357feefbf0a1

  • SSDEEP

    49152:ztxoYb9lBEBtFQXabxx/XtF4X5nZAoZvlxZnPoWndIFXADZ1:zlrBFXWtuplZNLPhIFXADZ1

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2