Extracted

• • Target

    35ce1834e64cfffdd4729c0254790e7aca014b3013733ccf872907d8d04e2b2b.exe

  • Size

    1.7MB

  • MD5

    c1a82a310c9dc31947dfae1e6136dc46

  • SHA1

    a9868cf5ede614df7911b1e62b5d20a04fc4c259

  • SHA256

    35ce1834e64cfffdd4729c0254790e7aca014b3013733ccf872907d8d04e2b2b

  • SHA512

    9d92a6b5b19ffa9a4b4d82ff2a09347e7cbc5e26ce9e06c35cd9c4adb860f08b8025d6a1526efeaed0da375042fb6a2ca5143074f85d708c806c7f2212e3f077

  • SSDEEP

    49152:M/JfWg/LVoIxTfmkLXMlEdeZV5yPfPhx62Aoz:i/JhpLXiEgXUvhBLz

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2