Extracted

• • Target

    ddc1905c32c0e7accf0020210a54b4eaacd78d41b6bcb06e4bef43855dba8b23.exe

  • Size

    1.8MB

  • MD5

    a9c3667b85210119f73c2b342f798e76

  • SHA1

    d264f4bd1694771e3ca47076f94d6c9b4312c075

  • SHA256

    ddc1905c32c0e7accf0020210a54b4eaacd78d41b6bcb06e4bef43855dba8b23

  • SHA512

    fce89578fbe7b320d6a451fda4d7890ec409feffb524a8f26a891b6b681b28c2b132fbc398ce49fc8c765cf7dc9bc88c86aa3681e45750a8e2caf354212538ee

  • SSDEEP

    49152:2shFP6v3/x333DRgb6BOVjykBtbF9FTdXfouu7WXxEZsAH:2w6v3/x333NAF3TlffuCWs

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2