Extracted

• • Target

    random6.exe

  • Size

    1.7MB

  • MD5

    31e3b957381af1599cc673311d477601

  • SHA1

    1bb28f2f1fe333bdb9148bd96e54d51de0477066

  • SHA256

    43fb165430900357661675fd65edc666c9f96f928d6f91e979843f333e9d742c

  • SHA512

    3863b5325195a3164b01090e55720244185c90b72f08ae8ca81e8afb273975ace1930ea2bc8014cb68742f10be66d97b2a933d19b38ac611f4418e626c3adb31

  • SSDEEP

    49152:NyojRYBKk+dkwcZ4nM9sWuPISmcWFLWoSI:Nyo1YBKkekJZ59sWuPISmcW8ob

  Score

  10^/10

  stealclevadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2