Extracted

• • Target

    file.exe

  • Size

    2.6MB

  • MD5

    6f359e26259d5f4864bd395cc3c086db

  • SHA1

    ccdcc732e69e9831fb09903e126bdbda64d714e9

  • SHA256

    9f039b4b539d2f8772d7115bfdd0e3c55db8f18ee0ef9cb255afa64ee518fab9

  • SHA512

    99758efddf0a37873f55cfdfeb5e2578eae1a97e4e8e217b4664db32ebfa23aac7801c056817b499ebf844602bd8cd3bcd10d85e77edd17eb3bd7ea9bf597ed2

  • SSDEEP

    49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Yp:X9GrUVC+XQtBNxVgip

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2