Extracted

• • Target

    57b97773593b3b07fc9607580db07bcc087b12859609cef3935cd7d933257ec2.exe

  • Size

    1.7MB

  • MD5

    ceab4bdd04d57e5a7a4df89c97841c38

  • SHA1

    ecd20bf1fbb58e1fdb1f8faf4c7c9e6fbd13820d

  • SHA256

    57b97773593b3b07fc9607580db07bcc087b12859609cef3935cd7d933257ec2

  • SHA512

    cd84a8f59c898fa7edb3ed8945132274b17254d8c8e00ce5e0705797f395c7a78dd4930ff112114c85be9b46736a8514385c13ad71c080e8c4d28c749cddbb43

  • SSDEEP

    49152:Bp1hqdf0lfpMI+z4EKozkQKu3naBoxR4mdU0+:Bp/qyClz4EKozkQJlRFY

  Score

  10^/10

  stealcnorddiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2