Extracted

• • Target

    1YPQZ_file.exe

  • Size

    1.7MB

  • MD5

    9e3d0de4343652353b07267361f520ea

  • SHA1

    9a9a89627db72493bae3ee93147d939e23619a74

  • SHA256

    a54efb68df3b1a8efca221079a0feb4f0726becb209b062e9eb832c36bd18393

  • SHA512

    1b236354452848a243a0087e56ebf67c117beefa66ab3bd1cdafc7758b2b5190162f2588ff16f4d7f4ac143b4e290d13089b69bb75f88094aa607701c7597413

  • SSDEEP

    49152:JYchSrfptMpJHAeq1b4HddPKUtwgAzMnQCKQCvf:HSrfoHAe1wgQwQ3f

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2