Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    61a83d27f9373c43a548ccee926bdba9

  • SHA1

    dceaa00791bf48e192755ff66925a9dc226bdbe9

  • SHA256

    488a3eb3efaf19a0eee8131c369c47d7efd0a7e33bbf2262173a61438b471b9f

  • SHA512

    86b5151809ad4e05837eac1d34109d7f287f5b01a65fe747f8b93de1dd133e9fa6904ea935555744bbcce89920bac9fdb9ef10596c0066015c34ca901528a17b

  • SSDEEP

    49152:4zLY7OJuAMvi+1bsAMxmj4oWKvFAHGQr81t6y9sKXl+xA0Io7:40OJ/Mvi+1bQxo3vFGGQr8LHsKXZ0

  Score

  10^/10

  stealclevadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2