Extracted

• • Target

    05d8c0bf7acbc23d2a49073d4cdde8547526bb55b6893f21c4753cc8800b0a8e.exe

  • Size

    2.0MB

  • MD5

    e71c5aee12ee323fc4f40010437d4186

  • SHA1

    6389bda37cee4ca4724306cfa8a73ff318713de3

  • SHA256

    05d8c0bf7acbc23d2a49073d4cdde8547526bb55b6893f21c4753cc8800b0a8e

  • SHA512

    d3f0a9cf2eb19f1573b289bfda2c3d0e11aacbc334f4a8c09318e9379568fe5db15ebe5a6db6f102168a14e1255d6949f3edbcbeb7699a0ecbd35f2d8d5f0d9c

  • SSDEEP

    49152:H5N3S9xKFwDyNDflUSreJuuCvOQnJYmNh+s:H5hS9xK+DyNDNH9u+BNh+s

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2