Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    2436f5bc4146385648a72a27897ab578

  • SHA1

    daf603434b49d4bf2866a3f53069845f05130fcb

  • SHA256

    aee2dcc810b97f1bd7809146f7f33887e806561329c0b6288ecb1d315e4f6740

  • SHA512

    e32cede58485391ee8621b939f28e7234095391ad67f944929b8475528f8a08f801d3997138c0935f40d17ec3e703d0d499e7427bcc570102636e1ea8cff2a92

  • SSDEEP

    24576:GgeQlF4+kLpUneDsY4UkgvFpPFINtkSI6ZlLC8yvoSCXocu:/dc+kqn9U77ePXIqlyU

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2