Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    582c09e30698672fd833e6e6c0dc506e

  • SHA1

    37dafeb7ea62e155ff3f2d47f84011b24ef8ba2b

  • SHA256

    99e3eaac03d77c6b24ebd5a17326ba051788d58f1f1d4aa6871310419a85d8af

  • SHA512

    495525e62560e397c0bef9c7f17358c08547c34930e772c8e59476ec50b7196eac28a0cbba83d0d90ebcc4282e210e0d140292cf4bfd52262cba45e2a9d6a1c9

  • SSDEEP

    49152:31U0cR91UH/HfSve4TthkZ71pGjYgvsiX+xmc5Q:FUXR91UH/KvXTPkDYc+sQl

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2