Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    e6d376703cdcf790de08ae0b4d47d2b0

  • SHA1

    be5f63641e342cde6d7e9bf6d53ccceaaf5d9d40

  • SHA256

    b22fa0021f1d5e1b90241a50f6db19e219d7ae3686d978defaeb3ab50ab8d699

  • SHA512

    f960a6fafdd5577b9031201ad49a26441ca5aa613b4175a25756201cd38a268943de88d5a9ab657d07b9e147eff2adb6d3290121b1d9a25a5e77fa64fe3a339f

  • SSDEEP

    24576:vIcmRMW10mHQD9VwkfvBAy5ABF41Zd6hG7Ok8EqmVIqZoT9Mil+FCwpg45uvMLCo:O1JwD9VEw2F456hGijEOZRPyb3GMdl

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2