Extracted

• • Target

    47649fdd7914ec78d4f83a02ed38bc28393592dbd5e4c2cbe7d8afba4b89828e.exe

  • Size

    2.0MB

  • MD5

    45158c5644fbb777e6c117b71ba699b5

  • SHA1

    8ba8137c2493d3dcd09e5f19b1ab9eb7fbb54775

  • SHA256

    47649fdd7914ec78d4f83a02ed38bc28393592dbd5e4c2cbe7d8afba4b89828e

  • SHA512

    cec9ad6e9bfee65736e5958e9d02b59af456be70167af32652c2bff6bdd29c50e0c5480a9b7c7d42d9d21dc1da72528771564de6b347a339cb338b507aa5f4f7

  • SSDEEP

    49152:bIcd9U4/33a5Kl1WtBHO4Ej4MZbl1NWQxNkZuXdcf/ilzN:D9Ue3cwYtLZMZtWQxpXdcHiJ

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2