Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    a16143caebfe71db9c9419f916a52c73

  • SHA1

    ffa06ca58be8556ff55d1f710bfe74b4b17b8e14

  • SHA256

    17bf4aec064adbe41df0191e1f0463bcfb43227d5b2ea91fbc386af9690c8cbc

  • SHA512

    e23cf8e70361bfa67a2588a82fa919ce5e3e7df0494ec1a31694a1c6bb81898c56710207879f0d583690a082f771539939944025c3a6d94bcc50031cb52da314

  • SSDEEP

    24576:bUr5NnOxz1VIivDv86UzwuBgr9vA7vkwVY1g3OvDwu0bHfyI/s/HMiUpDmpd/MHa:or55E3Vj86Uu9vVwybsq3/MiAiP/MH

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2