Extracted

• • Target

    7a9b9f8c6f5f16844845028f7af75bdc6c01f6c4b5a9dd8e7e23b17b849e505f.exe

  • Size

    2.0MB

  • MD5

    cd75adb80b6ccafd5db77b4673cdd49e

  • SHA1

    fff32ec01216b9a57bd7f0efabaabc75808ce6b3

  • SHA256

    7a9b9f8c6f5f16844845028f7af75bdc6c01f6c4b5a9dd8e7e23b17b849e505f

  • SHA512

    8fc685088bdfb721a24db108ea20ebcafceeaf1447408d9bf733fdcd95e25037725eff4cefe3e22322f1d7c1ed53403633f2434bfe65e0bf03595cbe8684a080

  • SSDEEP

    49152:H2bWB/J7/jRqBDZmL67p18XZ8F4FA2ERJqZGVfMOMZSHMo:H2StPqBDMO7pNK62gAGOOY

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2