Extracted

• • Target

    bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b.exe

  • Size

    2.3MB

  • MD5

    d91d9163b04688bb52599103b3a75271

  • SHA1

    cd2f8d71a2653940fab74f0cbf42169197dc0f6b

  • SHA256

    bf0e72c9c9719bcf68a7db0454fbb51292538460fb3f14a7e3b1b991f4d6c58b

  • SHA512

    e372f89907291b1f6f9bc0c2ccfdf5afcc60578017a55edf02199c5a8d6985b79dcb7d126ac85379f29a95a959bdd0a781115916ce564e6c2bfa077dfe50c89f

  • SSDEEP

    49152:hSUl6vD5DxN6HHLJ9tMlVaR/DHIK8h/wWGpJ0+sSzepQPsdryd:hSSwD5Dxk19DoIpy+sSzepVE

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2