Extracted

• • Target

    b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68.exe

  • Size

    2.2MB

  • MD5

    65324661eadd4459ede78e55217111c3

  • SHA1

    f1bf71b3528f870d98c6a96e355a9ce231fc8990

  • SHA256

    b72487b4bf0a7ed7112be703b4a51ba841e7d4bb915c5b022cc8269e0b2abc68

  • SHA512

    7a16d5a094be4f4fe05999bafb653703adc938961ba24aef186ca3e6ead4ad4c596ac26a650a8fea178f2306e09c9e75f9837a365d602fb0d1af2f8ae012d09f

  • SSDEEP

    49152:NiMw8bdotEXsA18SeqUZz3JBFwWIcA0lOkUr1WTascH2SE7Vq:NiIbdyEXh1peP3JBFwgA0R6wNcH2SJ

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2