Extracted

• • Target

    3da517d01b63fbd2b2d0ae4a7bb98d9d59f8dbeb2414d51a66023982747f7def.exe

  • Size

    1.8MB

  • MD5

    d87df30de1e9fe3ff10f58089729abd0

  • SHA1

    d04f526d4fa0269f1625f3b12dbae906655a4130

  • SHA256

    3da517d01b63fbd2b2d0ae4a7bb98d9d59f8dbeb2414d51a66023982747f7def

  • SHA512

    b0648acf95e59d34c1fdfb1abffe386984551cc9ae67474e1a61d72a05e651ae037e35b9e7fafd1cdbda2668c55b188c54584808967c4ee61e9973ea6ffd8c32

  • SSDEEP

    49152:h2nQ2XlUdyYnoH0Wv4Dm8wAR1L1MD1AtwluHN:hIVmRq0Wv4Dm8wmLmA

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2