Extracted

• • Target

    da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff.exe

  • Size

    2.2MB

  • MD5

    dee688451dfcd52d620e8c8201a7a5bc

  • SHA1

    4f798d70892251af7c0e31ca56f79abd7252ceff

  • SHA256

    da45b9473e33ec85d94bbf19ac10b86453ea7527e8da86040384eeb3105d6cff

  • SHA512

    ac17271ba35741b93486a4f7492738e3742dc8308b63b7af0ec6c484c7b5ba1dca346c05e0e907a417553f0a7b8a3137d2b1fe3f79b85b4549a2d6f897c88a33

  • SSDEEP

    49152:oSUl6vD5DxN6HHLJ9tLb69B7Bz6rmPxwg9c7SEDkVz1ZYL+sZL:oSSwD5Dxk56j7B2rmPxwXXDkVzUnL

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2