Extracted

• • Target

    01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3.exe

  • Size

    2.3MB

  • MD5

    d9615368a7ba5bb0c15e398f4097dc1f

  • SHA1

    bc747bc86fed777358b2c71a8ea95f7ccbf3e5a4

  • SHA256

    01d63645f4c648e12fa693ecc9a926eda29ca031c5d067c687ee65cab67e74e3

  • SHA512

    1b592a7a2034f881b86e7103c4fde9aed0a2095ee6e28bc61a7ff454c9ae0716a95b43785497a627e3cc66cccb6b338f4e832acdd69b0fdddb2c88f05aa73cd3

  • SSDEEP

    49152:xTs9zpYo556eURBCDd/BP1+zX3ympAGBnEl6U8/j/SIGzgnUjQ58IkUC4:x49SoqrRBClh1+znnBd77lPO

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2