Extracted

• • Target

    a23e1bcc61ca1ec01443b28086f0920f5189d26c58e6692222af6ce94a06263d.exe

  • Size

    1.7MB

  • MD5

    97dd619dcbadc44470b6c19830164406

  • SHA1

    e7c6df990e5ff0686480dd2e343c91e51cdd42da

  • SHA256

    a23e1bcc61ca1ec01443b28086f0920f5189d26c58e6692222af6ce94a06263d

  • SHA512

    2d628e2b2d0fba5e9d6f38f86d655a1f4d0e8a367e82804cbfa1261f1593a5b639b84f1ce29fe4cdafb269a38414a35a0605b5b8ddeac3a398d9d692b931bfea

  • SSDEEP

    24576:f2gRID+zI3mpgDqdPKiNNr1aGQjQizP8BRp3A7MUzJ6NOcq9e5BqdqCAe2szgQyl:u7+E3pKCS1RQjpm7hUU4cqPoCAe1z

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2