Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    d775f48ce8e1bf099940aadea2931d37

  • SHA1

    d382d341f516dad321a347978f66d32afcadf653

  • SHA256

    2c66d52f8b7959d50d8a9c3f91bbe1a3d94fda1ef4c40d9813585b633bfd7590

  • SHA512

    acabd62baaa22f1ee88d35125d94749b2cf04530e4815d61ae66adb3e0959c67eb46fc90831d6cbf4bb10e3f03cc8703e25e7e9bff643a86c22ca1d878ecf059

  • SSDEEP

    49152:HWP6mDMCao6a6VTuh9wm0cq9dZoymxnT8W:664ao6awT09N0cY/5AT8W

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2