Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    172bf58ab4bb9a4e3d1b20f03b30c315

  • SHA1

    16dc5beef32c7e3272e6d3b6980a3e385dcd69c7

  • SHA256

    a43537b7a34c2d47c025269ced5448098850275b95007519b2eab213e9f214fe

  • SHA512

    00516c49b2cb12bd07da53028af6e8508e6240b88eb4a7e78c9f8f4cccc1e42683c4482ca09615de3fabf29198a928779c1e03b9b083a42f9194097eb1c2c06a

  • SSDEEP

    49152:mBuUicUQZdLHiiB4yRX8GNsFTL2aKPuQ1RJ2gub5dKv1g7bqjC:1U7/dLWMXpETlQ1r2gZ

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2