Extracted

• • Target

    1a5fc8cfe67069d01a5bcc44a9e8993e8ce35854537789c54b5c0a915a935895.exe

  • Size

    2.0MB

  • MD5

    4b171016fe6632198cd156e8ea1d9f7b

  • SHA1

    7669b78466995739bfd99471ac3c50cd90aec87b

  • SHA256

    1a5fc8cfe67069d01a5bcc44a9e8993e8ce35854537789c54b5c0a915a935895

  • SHA512

    6b3e6119925d2ef46d82bc3560cfe63dbff484904d11964590ec6c4485d6a2757c1dfcc080e4a8aaecfa290f1badc42c0f6f2c8422a75ee5a64f059cbacdae93

  • SSDEEP

    49152:ay8nO+h453xfzTHv/KLL0zCN+eQL9KWXRLVsTOwrZXFQ9ulGW:n+h4NxffHaUe8zhKiRyT9l+96GW

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2