Extracted

• • Target

    9428acfc31a1bd917b6c19f0b67feb8425acf0f4074bf6ce4b4db947d64cfe22.exe

  • Size

    2.1MB

  • MD5

    19b6495f991ce6a2a9dce387fa8a1bf8

  • SHA1

    e44c2f2550dfcdb8d47eb3be4d883be9f6fd09d2

  • SHA256

    9428acfc31a1bd917b6c19f0b67feb8425acf0f4074bf6ce4b4db947d64cfe22

  • SHA512

    6b3ce54f6278c02ff3bd63c752d838e953630f575b61a3928b6a69861ccd9dbe2f7b76acb59c677c166dd9570d909ba2508510970f20762c2cbc9577f6fdf369

  • SSDEEP

    49152:GW+uCJwMrzZU0j58PjmZoZU+MUStR9MoMZ0uoYAFjyZ:/+uCBODPsOU+rStDM0lYY

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2