Extracted

• • Target

    f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18.exe

  • Size

    4.0MB

  • MD5

    5fe48966c2f11e09fd518e77118d6b1e

  • SHA1

    71ac5d567f1485454b0a3b04cece2d40cf8c0fa0

  • SHA256

    f39af57919d6119847e6ecd6a9495fd0b0996a95b0bdf1d2440b6d6f296b1d18

  • SHA512

    392f086ce8eebaa66896a81b3795543f57086142d880f426b97240d106f8e4501222fb0725038750d70ce8d0e810d82c1048f2f761212b13cdbc632d4a7b4575

  • SSDEEP

    98304:R+++MEQcFUcyrwHeeLn/I9QJo+W9NKdj5tskdoNr+OqWl:sMN9MeeLn/hJoZNKLtskdoNr+Za

  Score

  10^/10

  riseprodefense_evasiondiscoverystealertrojan

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Risepro family

    risepro

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2