Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    2567cac7a9387d6f9dbf8737e11e56b8

  • SHA1

    1113b9c7493028dda29dacfb2d86f544327e4176

  • SHA256

    6b076276b88d0c8d2e4dd3937b76284d8d3cda52eeab3decccc9b14d16218a69

  • SHA512

    b9f9a21f48dccbfb235fa33d7c6773b892e549cfdfc2a17d5a0c36baa5fcbc92e084172a07a42d9d966c074c259868c7818e920a0e85c51b368d59c902aab699

  • SSDEEP

    24576:MunOpLE0Iakgxx0fvEJHnoPU2PvMVwARUpunnzqiLX1z5f1znvbA2eDRGtbsB2uv:LWLlpe8JJ2e/apunzfJzDA7iYlLem9X

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2