Extracted

• • Target

    file.exe

  • Size

    2.7MB

  • MD5

    87b7c3ff7a1a3df2cfc46e7cc0e44b0c

  • SHA1

    775e4cca4b85476cb53589c0010ead64831adc64

  • SHA256

    56111ed2e685ab0713e4d82da3be28098e64fce0b89dc42fd9515c54b31782bf

  • SHA512

    2aeb4d4154a6d76f4232a2e6cfbdac2a1f77d36bd3ae8f243470fb28fae87d56c564c15ea11e0a196cbc57a1b669bd493384a0fd37a51868ee06111257c78492

  • SSDEEP

    49152:/VSfpUY7W9y+ike76tu9XyKnDjCoHKajq6FcT2d4H89rP:dSfpUcW9y+ike76QvdKU2I4H89rP

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2