Extracted

• • Target

    f0878eca55ab10a2e2f425404b3b4a92eb4d3f9b9020b333dab0757387840e9e.exe

  • Size

    2.2MB

  • MD5

    d253b17c8bee1355ecebe68853b03fa8

  • SHA1

    948fe597db1ca38bc6595b23ab3fa979e4149d6f

  • SHA256

    f0878eca55ab10a2e2f425404b3b4a92eb4d3f9b9020b333dab0757387840e9e

  • SHA512

    29e8e8387fc5c6adea5c159410b5364495ab7d3ae5a47934af0724353c5824fe4278a87352cbc5427bbe58fa457e8c9f75ee843702f46b626294eca6a876adf9

  • SSDEEP

    49152:iu4fygnmdOo3GaDXq3oMgABIulH814uFcZ1Rp4NH8m8SdS4A:iuzImdO+23xaul44uFcZpfm8GA

  Score

  10^/10

  riseproevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2