Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    971088406e40c5d21dbb3d90b8fc0e87

  • SHA1

    ad18e99ce976ef8c51a4a3850f1b4b0b922c3320

  • SHA256

    498fcfdf30304a3dc904c539233aa40f400984f77ca99b1f9ad5af040e20cf67

  • SHA512

    479ac2b5959719fa846757878d64882934d7324c81e430a59338ce8c2f31bfcd3cf5d3b286cccb84dcaa97b1a49a1681d1a2263b82c338e768c9659d7b4b34c9

  • SSDEEP

    49152:LZLgh+ybvnB0naWBYp8gE/OGEBXqkuLUhT:LZLe+YnB0amSopEBA4

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2