Extracted

• • Target

    c17afe930719ca7861323d6e6fd2a8c59db8db0bce6ae487078d842105a830d7.exe

  • Size

    1.7MB

  • MD5

    fa42e6e289aa71b35af21bb42409f81f

  • SHA1

    e44dcb353f84af8e6c81ebb6654945898b7fbedd

  • SHA256

    c17afe930719ca7861323d6e6fd2a8c59db8db0bce6ae487078d842105a830d7

  • SHA512

    ffbf8c9e4e7e25c388b69a6d8ad4233bd720400d9c482093999b36b642800457494796620bcf310e907b90d5d1d2a6f5036ceb248c1841dfb5fdfefc9b2dd328

  • SSDEEP

    24576:m0NcbFSaM1s2gtdunZBw3h88o1GUe0ZzxwSUU/qJNeKOPzcObLJtuXBpBCZjPwLV:m0GhSaMG1cCTeNURJGzbuR5iKcK

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2