Extracted

• • Target

    fb4fc52edce60144470de15c05641f07ceccce38c7cf668f76d7f8260f4fe94f.exe

  • Size

    2.2MB

  • MD5

    61d748efcfca4df87cb46e45dd9f8bae

  • SHA1

    6b93f5a69750ac8e7579141acac5a38ed9e2c86b

  • SHA256

    fb4fc52edce60144470de15c05641f07ceccce38c7cf668f76d7f8260f4fe94f

  • SHA512

    003f18014770a6689ef49c4a6d7ea03fe570838f2bc394685fe6157985884d99798304b7b8b1c367651f63fbfbc39fed8b691b7a8453a5f0751e66d3ddf12c95

  • SSDEEP

    49152:dgwSFxJGGWx8tUzPEG/K2PQT4z0/WgOcUqZLpFtJgUJ:dhSF74eGEmKNfROcPDH

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2