Extracted

• • Target

    Lisect_AVT_24003_G1A_37.exe

  • Size

    2.3MB

  • MD5

    6a672bbdc7865a7518441284d853f8d8

  • SHA1

    be887b22a197194e90f9a090174f258bdb062562

  • SHA256

    a3f809a16001f7edea3b2c946286c80db82531a8cd037320fba6cf8bbcf68284

  • SHA512

    0e4f83cc50cf975d8ccee5d61b009e877b9fbc680b64e04a540a92c9601462ade0182376053fe15d0b8ef1af89dd46c06b25baafd0a597832600c03900afe5ee

  • SSDEEP

    49152:e8GpcxEHvbuWvpD3pQcVTVx5QBUu/ApBsUIjtpULzhhLAJFhr:eRy0pBFrnu/ApBsUIRaLzv6

  Score

  10^/10

  riseproaspackv2discoveryevasionstealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • ASPack v2.12-2.42

    Detects executables packed with ASPack v2.12-2.42

    aspackv2

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2