Extracted

• • Target

    a5e74790a2f881b391466e31bdd8583789942d97e9939df01a07b83d27758a79.exe

  • Size

    2.0MB

  • MD5

    567ef6e233816e5b5ad0a0e4bd771888

  • SHA1

    ddb9c94b7fae577681431db53531cc9740223664

  • SHA256

    a5e74790a2f881b391466e31bdd8583789942d97e9939df01a07b83d27758a79

  • SHA512

    69cbcf4983ab0271d1c31720c8050e98328259a46004477905e897e8fc73f64a61599934bb74ec3f0daa9d274faef95ab91c5751f3ec872d8d14e12ec06075db

  • SSDEEP

    24576:lSOp8uRnsIi91Q7Qb58UorU7QdCilhZ05EVBUAASGbxL4ytFMWPKY+8NbcoIQT0d:bdsXx8U/EzZ02BUtXxL4ytFt7HTze6

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2