Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    370cadb7621a13993645359f7cdfe8c0

  • SHA1

    9d7b760ab7c5ee25fb5c75faf69d6b0f97c320db

  • SHA256

    cf2db57a4f6c7554a4688c96178409f579e8c0c0f285501705b8e23d634a1a60

  • SHA512

    0f921c70b3c56d0ce5d6fc369468364ffdc5a8c6cd563843aac46859d801c8b6719cc25304261da69c3e74f596d59ab008647573a8ae9d6888211226f9a20c30

  • SSDEEP

    49152:qm++cet+d/qi7C4uwXDCJGYXSvR98PUmtomM4:taBfu4oSvR9u/JM

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2