General

  • Target

    b240341d8adfed0f14d665dcbad14c542fa2e6f57a8c1904c0e5ccfb10270b17.exe

  • Size

    2.3MB

  • Sample

    240726-fyr3wsycjp

  • MD5

    0b4b3e5e4a2ee4bd9ba8d9950639f269

  • SHA1

    7a0ffcb4a3b75704478ed80c20d4dc830ab07ebf

  • SHA256

    b240341d8adfed0f14d665dcbad14c542fa2e6f57a8c1904c0e5ccfb10270b17

  • SHA512

    1dafe222d8112ccab45436256adb9736f3e2a47a61cb393819d40d66edfe54765ee878d6b49af056169159a737e41450bf2e613e24cb93af2a955c6b07119083

  • SSDEEP

    49152:hQuzfd1pUPALeftwHL1STPuAdwGFGB8QTsEVLYt:nbvq2ex9dwn1DL4

Malware Config

Extracted

Family

risepro

C2

193.233.132.62

Targets

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks