Extracted

• • Target

    e854f0b6e6506ccb5227f07b8122522b766f9833b74bce5127c46561995ab51c.exe

  • Size

    3.0MB

  • MD5

    5fc9bc3ba9d0b1049df7ad8df8e08d07

  • SHA1

    bbd31e9383e944ca453408d40ed2eb2fd5c87de6

  • SHA256

    e854f0b6e6506ccb5227f07b8122522b766f9833b74bce5127c46561995ab51c

  • SHA512

    62ae524f66d0d01de504e5e999d5fd38817074aa4d9d8ce159835c027c52e9cdfcf56982ebfcbaf0744386830361b159b129c6a081785240e3795a7a3dfe510a

  • SSDEEP

    49152:eOBhu0uFXF0zRjz8DFs2DIFPvwkmpndb:hu0uFXF0zRP8DKIIFPvKdb

  Score

  10^/10

  riseprodefense_evasiondiscoverystealer

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion
  behavioral1behavioral2