Extracted

• • Target

    f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580.exe

  • Size

    2.2MB

  • MD5

    685b3fe3cadb30d9b4a70689c13b7aa8

  • SHA1

    50c048e1304a634dc5a293d3b37499516fc646d3

  • SHA256

    f97367c6ec4183d2010f7058986a1a625588720e07f4705c865bc34a75f1a580

  • SHA512

    3cb32ce1809fddd56240d387d249ad261233136589b8458ebe292fa9ecc63d59e09351958d95af278a43f570f63bc91cfe7603ba061b915b21d17618ea98d91e

  • SSDEEP

    49152:bSUl6vD5DxN6HHLJ9tuk1rX4XqjgoF0qe0J+jgKXM:bSSwD5Dxk3X4Xq30qe0J+jgj

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2