Extracted

• • Target

    52957d4501c8b066b7208e418ddb49848c116905b2a8c3d37366ed188fb99eda.exe

  • Size

    1.8MB

  • MD5

    85424194e3012b5970ef13dda8861ae7

  • SHA1

    d3464cf08ff3e16c81d08cefd1c6159c0a501a31

  • SHA256

    52957d4501c8b066b7208e418ddb49848c116905b2a8c3d37366ed188fb99eda

  • SHA512

    a24b6a7a8aaf431f584d38f3bee62c948ddaa488fc6d3c720ea39a1b1e47db1e4449211f36de14a50d66380b5bf2a722b125db6c23143b7de9a1e9941f6a396a

  • SSDEEP

    49152:8gaeIscyHv+wLZNB/vpjqB/s1qoI5mfIG+9xRe:8gVIZyFZLvMGEx5m1k3e

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2