General

  • Target

    build3.exe

  • Size

    4.3MB

  • Sample

    230411-qqbfaacf34

  • MD5

    e16957f1f2a002a88731cb0a4e83582b

  • SHA1

    7064b2c73c47ec23869c42b602d24e0528f6b6fd

  • SHA256

    4b7dffe03a441651449dd62371b84dcc07a7ac63230484f975c1a61ffd48724a

  • SHA512

    aa76071ef88c2af9d66872f56dcbdffaf7bc57464ec8940fecca83e67705cfeb3ace2e0944a5564b634784d7257bbac2c6b626c07122c3ea6f0b68c6b221908f

  • SSDEEP

    98304:HfDK/kNcRVJDjZuGEadegCKyZJOfO5TzJlfyRCQew/S:HLK/kWQBadxoTzb3w/

Malware Config

Extracted

Family

stealerium

C2

https://discord.com/api/webhooks/1095337011210113085/C0_L70xlJzi7l9Ob0rjZIJwwoVheW8puf0IWaKHmLN0VmkKu5b4gmY4dnkp_Sr_WIIDl
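
The hashes and the extracted C2 above are the indicators an analyst would pin a suspect file or memory dump against. The following is an added example for this page, not code from the sample, from Stealerium or from the sandbox: it recomputes the report's digests over a buffer and scans the buffer for Discord webhook URLs. The regex, the `SAMPLE` buffer and the second webhook inside it are constructed for illustration; because Stealerium is a .NET binary, its strings sit in the file as UTF-16LE, so the scan looks at both ASCII and UTF-16LE views rather than only at raw bytes.

```python
"""Match a file or captured buffer against the indicators in this report.

Added example for this page, not code from the sample, Stealerium or the sandbox.
The hashes and C2 URL are copied from the report; the webhook regex and the
SAMPLE buffer below are constructed for illustration.
"""
import hashlib
import re

REPORT_HASHES = {
    "md5": "e16957f1f2a002a88731cb0a4e83582b",
    "sha1": "7064b2c73c47ec23869c42b602d24e0528f6b6fd",
    "sha256": "4b7dffe03a441651449dd62371b84dcc07a7ac63230484f975c1a61ffd48724a",
}
REPORT_C2 = ("https://discord.com/api/webhooks/1095337011210113085/"
             "C0_L70xlJzi7l9Ob0rjZIJwwoVheW8puf0IWaKHmLN0VmkKu5b4gmY4dnkp_Sr_WIIDl")

# Generic Discord webhook shape: numeric snowflake id, then a URL-safe token. Matching
# the shape rather than the one URL above also catches rebuilt samples with a fresh hook.
WEBHOOK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{50,})"
)


def file_hashes(data: bytes) -> dict:
    """Compute the digests listed in the report in one pass over the buffer."""
    hashes = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashes.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashes.items()}


def hash_matches(data: bytes) -> list:
    """Names of the report digests that the buffer reproduces (normally all or none)."""
    computed = file_hashes(data)
    return [name for name, value in REPORT_HASHES.items() if computed[name] == value.lower()]


def text_views(data: bytes):
    """Yield the buffer as text in the encodings a .NET binary stores strings in:
    raw bytes read as latin-1, then UTF-16LE at both possible byte alignments."""
    yield data.decode("latin-1")
    for offset in (0, 1):
        chunk = data[offset:]
        chunk = chunk[: len(chunk) - len(chunk) % 2]
        yield chunk.decode("utf-16-le", errors="ignore")


def find_discord_webhooks(data: bytes) -> list:
    """Return (url, webhook_id, token) for every Discord webhook found in the buffer."""
    found = []
    for view in text_views(data):
        for m in WEBHOOK_RE.finditer(view):
            hit = (m.group(0), m.group(1), m.group(2))
            if hit not in found:
                found.append(hit)
    return found


def triage(data: bytes) -> dict:
    """Hash match against the report plus every webhook seen, flagging the known C2."""
    webhooks = find_discord_webhooks(data)
    return {
        "hash_match": hash_matches(data),
        "webhooks": webhooks,
        "known_c2": any(url == REPORT_C2 for url, _, _ in webhooks),
    }


# Constructed stand-in for a memory dump or unpacked binary: the report's C2 stored as a
# .NET (UTF-16LE) string at an odd offset, followed by a second, made-up webhook in ASCII.
SAMPLE = (b"MZ\x90\x00\x03" + REPORT_C2.encode("utf-16-le") + b"\x00\x00"
          + b"https://discord.com/api/webhooks/123456789012345678/" + b"A" * 68 + b"\x00")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Treat a recovered webhook URL as a credential rather than as a plain indicator: the id and token are all that is needed to post to the attacker's channel, so the URL belongs in a restricted IOC store, and reporting it to Discord is the usual takedown route for this kind of C2.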

Targets

    • Target

      build3.exe

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger
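
The four registry-based checks in the list above (VirtualBox ACPI tables, BIOS strings, Wine keys, configured country code) are worth replaying against an analysis VM before detonating the sample, since a guest that trips them yields an empty run. The following is an added example for this page, not the sample's own code and not Stealerium's: the report names the checks but not the exact keys read, so the key paths, the hypervisor marker strings and both snapshots are assumptions chosen from where such checks usually look. On Windows it reads the live registry; elsewhere it evaluates the constructed snapshots. The NtSetInformationThreadHideFromDebugger and external-IP checks are not registry reads and are not covered here.

```python
"""Replay the registry-based anti-analysis checks listed in this report.

Added example for this page, not code from the sample or from Stealerium. The
report names the checks but not the exact keys read; the paths below are the
locations such checks usually consult and are assumptions, as are both snapshots.
"""
import sys

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
KEYS = [
    ("HKLM", r"HARDWARE\ACPI\DSDT"),                # VirtualBox exposes a VBOX__ table here
    ("HKLM", r"HARDWARE\DESCRIPTION\System\BIOS"),  # SMBIOS strings mirrored by Windows
    ("HKCU", r"Software\Wine"),                     # present under Wine, absent on Windows
    ("HKLM", r"SOFTWARE\Wine"),
    ("HKCU", r"Control Panel\International\Geo"),   # Nation (GeoID) and, on Win10+, Name (ISO code)
]
VM_MARKERS = ("VBOX", "INNOTEK", "VMWARE", "QEMU", "XEN", "VIRTUAL")
BIOS_VALUES = ("SystemManufacturer", "SystemProductName", "BIOSVendor", "BIOSVersion")


def read_key(hive: str, path: str):
    """Read one key from the live registry (Windows only); None if it does not exist."""
    import winreg  # only importable on Windows
    try:
        with winreg.OpenKey(getattr(winreg, HIVES[hive]), path) as k:
            n_sub, n_val, _ = winreg.QueryInfoKey(k)
            subkeys = [winreg.EnumKey(k, i) for i in range(n_sub)]
            values = {}
            for i in range(n_val):
                name, data, _ = winreg.EnumValue(k, i)
                values[name] = data
    except OSError:
        return None
    return {"subkeys": subkeys, "values": values}


def live_snapshot() -> dict:
    """Snapshot of the keys above from the running system, keyed by 'HIVE\\path'."""
    return {f"{hive}\\{path}": read_key(hive, path) for hive, path in KEYS}


def evaluate(snapshot: dict) -> list:
    """Return the checks that would fire on this snapshot, in the report's order."""
    hits = []
    acpi = snapshot.get(r"HKLM\HARDWARE\ACPI\DSDT") or {}
    if any(s.upper().startswith("VBOX") for s in acpi.get("subkeys", [])):
        hits.append("virtualbox-acpi")
    bios = (snapshot.get(r"HKLM\HARDWARE\DESCRIPTION\System\BIOS") or {}).get("values", {})
    for name in BIOS_VALUES:
        if any(marker in str(bios.get(name, "")).upper() for marker in VM_MARKERS):
            hits.append(f"bios:{name}={bios[name]}")
    if any(snapshot.get(k) is not None for k in (r"HKCU\Software\Wine", r"HKLM\SOFTWARE\Wine")):
        hits.append("wine-registry")
    geo = (snapshot.get(r"HKCU\Control Panel\International\Geo") or {}).get("values", {})
    code = geo.get("Name") or geo.get("Nation")
    if code:
        # Reported, not judged: the report does not say which countries the sample avoids.
        hits.append(f"geo:{code}")
    return hits


# Constructed snapshot of a default VirtualBox guest, the kind of box these checks target.
SANDBOX_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["VBOX__"], "values": {}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"subkeys": [], "values": {
        "SystemManufacturer": "innotek GmbH", "SystemProductName": "VirtualBox",
        "BIOSVendor": "innotek GmbH", "BIOSVersion": "VirtualBox"}},
    r"HKCU\Software\Wine": None,
    r"HKLM\SOFTWARE\Wine": None,
    r"HKCU\Control Panel\International\Geo": {"subkeys": [], "values": {"Nation": "244", "Name": "US"}},
}

# Constructed snapshot of the same guest after the hypervisor strings were replaced (made-up values).
HARDENED_SNAPSHOT = {
    r"HKLM\HARDWARE\ACPI\DSDT": {"subkeys": ["DELL__"], "values": {}},
    r"HKLM\HARDWARE\DESCRIPTION\System\BIOS": {"subkeys": [], "values": {
        "SystemManufacturer": "Dell Inc.", "SystemProductName": "Latitude 5520",
        "BIOSVendor": "Dell Inc.", "BIOSVersion": "1.21.0"}},
    r"HKCU\Software\Wine": None,
    r"HKLM\SOFTWARE\Wine": None,
    r"HKCU\Control Panel\International\Geo": {"subkeys": [], "values": {"Nation": "244", "Name": "US"}},
}

if __name__ == "__main__":
    snapshot = live_snapshot() if sys.platform == "win32" else SANDBOX_SNAPSHOT
    print("\n".join(evaluate(snapshot)) or "no anti-analysis checks fire")
```

Run it inside the analysis guest: every line it prints is a string the guest hands to the sample for free. The BIOS and ACPI strings are set by the hypervisor configuration (DMI/SMBIOS overrides), not by editing the registry, which Windows repopulates from firmware at boot.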

MITRE ATT&CK Enterprise v6

Tasks