Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    dd0caaed8398954963c8a3ffb1196e18

  • SHA1

    c62460a7222a2eee80bc8c013cbd6f56cfd8a0fd

  • SHA256

    9a3dcedd0e3cc0aff5a51e23028544fa2459b263c2ae93703754d98dd3c86abc

  • SHA512

    c8cbca24388aba7e4b5e36cee3c089045b16f5f8a1e1f72ae06fb3ad0c1260321d87dbb2095aad7961e141a7637da55ca12539d77f2e2d1e20ff9504ca08f623

  • SSDEEP

    49152:VQXtQf+CzsDGi4cT+o3EUQFnRPW5jwY+pP3b:i2ftyGi4cZ15cY+9

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2