Extracted

• • Target

    a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd.exe

  • Size

    1.8MB

  • MD5

    3fba342adc9a795c9c5f64b00ce01b74

  • SHA1

    14378e009a4f05fe71df1600dd975d80201ec994

  • SHA256

    a693827d725fbe45e3b42813c281f9e2390af7cb21e06a6d8058923917104efd

  • SHA512

    2729e5ad7763677526d0088abd74406fced6ee7caec5c8774ded57a7528f413c62801ee59030b69cf55aa30b2644d481ebf0af117e9b7e7a36f961bf8c414e93

  • SSDEEP

    24576:K8Ddwv5HafrA7siBwe6uiRkf9tefcy3v0tD4bAXnd7TTv2Z+FNVhrz/TlUyz0jFp:K/FaEoiBXj1G3cZ4C2Y1hrllz0yqhSK

  Score

  10^/10

  stealcsavediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2