Extracted

• • Target

    9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39.exe

  • Size

    1.8MB

  • MD5

    b4b42d42e8416be5a8e8a82128fa5b7d

  • SHA1

    afaa0dab7641ef5398cfbdf46cc3acc5f1cf4c81

  • SHA256

    9a30602027dae451db62a56ec35407da31fd3c906e043784fc8e07787689eb39

  • SHA512

    1d2a0a34c30444ab02081ef00388aea4eb8116d03d5945190f047b1dab6303950c6e7e49e6f536d746890fb43a2c55e248f5d757adee234437af16ac49974fe2

  • SSDEEP

    49152:AwrTJ3mlwFh5zs6aAgui4TllbQ51wdg5M+RK3xtxl:AwrV3m+Ff0ARlr02g/Grxl

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2