Extracted

• • Target

    d25b36287ada269b8149bcfed2694f271b811ef247d8d29fd22fa12dc0ab858e.exe

  • Size

    1.8MB

  • MD5

    ea98b1b767d5adb09104056fa438b329

  • SHA1

    02381c398ad1cde40a032c466d97450f36811170

  • SHA256

    d25b36287ada269b8149bcfed2694f271b811ef247d8d29fd22fa12dc0ab858e

  • SHA512

    8ad6d696e92f00faac79664d5519aedbde5e336aa7358e6ea5c2b84a8b37e043bbeea42a3da8b33a0e87832e11395c590c79c8b73a28fec1124c1e784e3b22ab

  • SSDEEP

    49152:Pm54Pp76OKT1KVDPBV0bGEITUsN4PuNIWT:Pn76OKT1odVuGEBux

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2