Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    d40acb6cd766db541a159c80ee046860

  • SHA1

    f1e4fab86e1c6f9a3ee85c6b3ee9790e89e461fa

  • SHA256

    966097887f87af70b7b6ec3af24cde9be244141d224af0f654452bf890ecf1c6

  • SHA512

    da30a70cc05c89695deaacf488eccfd2452debee83d29751c23a62472def8638ae8c2cd7d3191bc9e8cecce5581307bd3220870e36f096156896da514709db0e

  • SSDEEP

    24576:k2C8bGfoQZYpZVuh21YAaTJ1+e8YBH3RRFGshaNx5zyqMd6+NtT861/4329l+Gm1:tC8bGf3WKUeZB5aXcqMd044Gv7srV

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2