Extracted

• • Target

    fb7b61d25814807d2e98b62cd026d0f4f2546002704263370ef5778bf3939f90.exe

  • Size

    2.8MB

  • MD5

    30c6b2e2a949825b48a9d6f9de72c923

  • SHA1

    269447925f130138729c41a7e5f47e424e844cd4

  • SHA256

    fb7b61d25814807d2e98b62cd026d0f4f2546002704263370ef5778bf3939f90

  • SHA512

    70c642291da212888d09c8c152b05efa03e299a18586a0cf7c302b95f866add7096a6688af989cf6266e2139e5b247f29e565a921f90fa3d12da18ea582ffc85

  • SSDEEP

    49152:Nv6XmEUiBDwT3DIP9WfboVx22uxx7iPWeh:NemEUiBkTTIP9ioLuxx7iPW0

  Score

  10^/10

  stealcdeardiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2