Extracted

• • Target

    random.exe

  • Size

    1.8MB

  • MD5

    e4e58a4e508a4dc0aaa7083445c7069d

  • SHA1

    3060a2f6a5a4ac6d4fc4e9175cca77b1169f7d2a

  • SHA256

    5e60987abaf53898ad83e58f4536b5f4860919d59fe23aa172ec69df41e7eaf7

  • SHA512

    7788503bf4151877ccc024c60eb5be8f1b17c814490796f4082f4bbbc7436ddac158a5afffd5788fbe1d8bc5f7beab863750686c719aa013d90235a8bd552ce5

  • SSDEEP

    49152:3mds3zWY+rnI85ZI0Lw9k1VqAKsGWLl2PBEuaih:3RR29+gw9kPqjlWLU5Eu

  Score

  10^/10

  stealcsavediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2