Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    0346a5b7e84da53552826eb2061eb3de

  • SHA1

    5a69a7e1fa61bb7f83f46e00616b2f2465891550

  • SHA256

    077cfebf17a05de67e6bd32828a6710312b4ac28c1475ae4cc3346b8607d254a

  • SHA512

    afa5a2700299ab217d290bc2be922f4bbc3032f0293f6eea672a729fe98707c1f81116ebf1996c834d2330e2e4276463697d7d39b92be243869d25773df45129

  • SSDEEP

    24576:4CeoLQC8OdMn/rqZwwt7FsqXSJsLUENSg13UCm6iVBYu8QoW8O9wnnBE8u5u:4CeHc8ISPsLFNn3tm6Kbf9CB8

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2