Extracted

• • Target

    c717c99168ece96b29acbbf93ce125816e686bd40ddbaa07ea9aee4c701bc2cd.exe

  • Size

    1.7MB

  • MD5

    4f742babf73027a08796b1e61af4d615

  • SHA1

    251c97a671cb3386811f3c20203f97c4669affc8

  • SHA256

    c717c99168ece96b29acbbf93ce125816e686bd40ddbaa07ea9aee4c701bc2cd

  • SHA512

    4d60dfb940510720c0124ffd39bff5fc6458fad6fae9dfe6985b421681aa77055b4f976e1f4f1d9c82c27869f5f1c3b126c463922add584b3f3e4887b12e158b

  • SSDEEP

    49152:yEbd6zCT3FyU3cxkkrWups+kSkCJ5i2o2o/k0WJM:pOCTQU0VrWupvlkCJ82X0WJ

  Score

  10^/10

  stealcnorddiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2