Extracted

• • Target

    45bbfe6526c7aa0ac16355e301a467c2533bb1b2455dea1405deb80be734f990.exe

  • Size

    1.7MB

  • MD5

    7696fd52645fd5bde71ca7eb4b2fa935

  • SHA1

    50fcab8ebe7f490596c51ceb520f6a972ccb790d

  • SHA256

    45bbfe6526c7aa0ac16355e301a467c2533bb1b2455dea1405deb80be734f990

  • SHA512

    1bd56f6e9d4c2c89b2ec3142762b50f9820a359e6f6f1143e769b67b878e24ac3c815ed79eb20e0ae556a2deda76a6ca7d49f2075ef6b905713019bc98fb7a82

  • SSDEEP

    24576:5SsLrYJswjqQBhcHER9RvUArP+G+EkMNSriZZT3a/dFkyBVZMyPd29zlLVAfl9D:YmrYtjqccHmRvUAr+E5ZZ+VZMCYjkv

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2