Extracted

• • Target

    ad11cf77519363b68bf8a5cb253da228cdbd8954e25032f861eb61e474306f81.exe

  • Size

    1.8MB

  • MD5

    10a1406d25edd558e76ecb1565013aeb

  • SHA1

    3d73605ee9879356b4e21ca690e0c4d3d2f324ea

  • SHA256

    ad11cf77519363b68bf8a5cb253da228cdbd8954e25032f861eb61e474306f81

  • SHA512

    008d052251d5405af1bfb2056ac9b55a7fb8474b6785842825b86f4bb9a39e67d96ff50a7fe2470e21f86898eaf1dccd12af7b2e97ca9f0e0844892bb4acfff4

  • SSDEEP

    49152:/sR8QOSNeXAfabtWdnOBSesfBNKbCPEqu/dEa3FSW3ld:/sR8Q12MabINQXaJW

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2