Extracted

• • Target

    23e0a74b01df62d1709b5305974c38a8d42280084a83cc5a308c2ca9a682ad69.exe

  • Size

    2.0MB

  • MD5

    270114104958f813db2cdb748f303282

  • SHA1

    39f1fd8840c5d8fed8b10b4b3332dbdbafed5663

  • SHA256

    23e0a74b01df62d1709b5305974c38a8d42280084a83cc5a308c2ca9a682ad69

  • SHA512

    04e6d49593d4bf3a27e18495d73afd849dc4b6901a861013ab8ef83d11a6848a28e8dcb8aa748424d3708564c1766945cb4832155486884d0863a37ef7c50d50

  • SSDEEP

    49152:uFvfohLMmGol/qUezHLaYFsVhUKqOAoo:LhdGwezGbMqT

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2