Extracted

• • Target

    53640549adeafc14bff28e22e.exe

  • Size

    750KB

  • MD5

    53640549adeafc14bff28e22e378b681

  • SHA1

    c46173128148a0fb90c7aa67553068035edc8d04

  • SHA256

    f8be822eb877bfb50b6d04449004f9778ed732b877c4f2975313b8559cf6e842

  • SHA512

    0c74669ac5fcc63f0579acd7a377bf286e5bb3b5e574efbc14e541471c87b46d88bc6e76e2bd974223a079944acda0a7a7f7ca829f2e2e8de0a88acc9653ff24

  • SSDEEP

    12288:VS/nqdGGwe4kVt7eKS9HvO1WVZ08yDgG:cSwGwNZKMeX

  Score

  10^/10

  stealcevasionstealerdiscovery

  • Detects Stealc stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2