Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    1a0e4516a1c7cc94a52f92720ad1ac3c

  • SHA1

    6c8fd0a234e51e1535303f726cfb7ca64904e785

  • SHA256

    8e15f95710c81f116f3b939eb9830cbb4abfbfa649b4953294fbeb467282c031

  • SHA512

    b918c1017bd0e671b88ee58f861c45f191e12c14f2b92ce02d35fc588a46d55d4cfcf577f02ec1d503dd9b5cfb4385ac9e8e5612f06920d5c1b104545b4a6fbc

  • SSDEEP

    49152:OL+kbBGFGiyIsIZAMnZK86tSO5QcVzWdmChdISrG:nkQoRDKT6YO5QcNWmChdL

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2