Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    52da2906c78bc9840cf933c8bcbf351a

  • SHA1

    92df58073f14470dc06759af4fec2e9f4c8204ce

  • SHA256

    dcb3603ec608359cad55552387cd857560e3bf9a3b0f0a9b94cc02f569ba314d

  • SHA512

    aa7e4015715e154702a74c4b54ce6a477ae4e5c7281022c7aae00e284079c3b5606098125da1895de7b873b5b7ea07fda2988c2e1f9d5731cce8993851db4da9

  • SSDEEP

    49152:c2G2GqZJgjovG8BQmVswkY/aqhxnSWp3Fw0d4VPMCsve:M2JKovsKakFSkmNPB4e

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2