Extracted

• • Target

    a1beb1b6905dfbbe838d57ef29eb0da2b9b55774c2e671b17b97f1f7270df4fe.exe

  • Size

    2.0MB

  • MD5

    1961e708ede31eb77c90159c2182395e

  • SHA1

    f84842f5691277be672adbdc9df0ed3d195df533

  • SHA256

    a1beb1b6905dfbbe838d57ef29eb0da2b9b55774c2e671b17b97f1f7270df4fe

  • SHA512

    4ddcde6343ad3cff829d86d4011583f56263005ea8de17b60a353545f93837f4d4039569d8292ce542bc1835c967ec25405896949349b03eae509b0575a9becf

  • SSDEEP

    49152:cLYzhE42nWtGu/MX7SoPnmcNpU/Dk8Y0rSDk7YB6u50:EYzqlWbkLSAmcLgqBQ25

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2