Extracted

• • Target

    968c80a2bd0481681bb6674ab957e9b1d15eb2992f62592a6946c79c1512c5fa.exe

  • Size

    1.8MB

  • MD5

    dd529f774ea232f4da3934f9ea885ae1

  • SHA1

    c85976533e55d0ac55b1035bba7f2b6aab205c5e

  • SHA256

    968c80a2bd0481681bb6674ab957e9b1d15eb2992f62592a6946c79c1512c5fa

  • SHA512

    8a87561e866469dabf0d8d6ccf1b15f827526f7daf56ebbf897e5415d9dba5197f9869c8e4b3136a214e84a120e6380284181f98104ab28a37d58e62cd8b3d3a

  • SSDEEP

    49152:V9rhr/iHaXoo4tgDe+FQF5LPnE1jnwsmvb8x:VlJorgW7fE1jd5

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2