Extracted

• • Target

    c643a26be7c61eca9e0d2b9d9d073d54b24ab18792555c45c81a88f0bffc57e8.exe

  • Size

    1.7MB

  • MD5

    a2914123bfcdb29e06dc8283ffb24aef

  • SHA1

    5660ce00d7473ca61d460219ca9b1c2ac6486b97

  • SHA256

    c643a26be7c61eca9e0d2b9d9d073d54b24ab18792555c45c81a88f0bffc57e8

  • SHA512

    f1fe509bb5bd6b237f5111b6589a3942c597db7316b5b71f511493c9e2876cb5b9d075ff94541a040eeb1c680292c1f0e69049d5215f1f3655ff70cbba410294

  • SSDEEP

    49152:Woy/VyzxKmSv8E7xL8sYmNFGKcRgne8s7fegCj/Q:vsvHd8szSag

  Score

  10^/10

  stealcnorddiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2