Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    2a29388bf33283298f9e7627e8949930

  • SHA1

    d0344a99409a59964592060d1741432f063e7ff0

  • SHA256

    46a4affbb44bdc5c43f6656123e4d886112e2b46479d08fc59751bef5f4c2da5

  • SHA512

    e3afe5d0cc172853600d6f54817623c85a4ce41809a515a90d62085e7a693868eeb215f2e0fb055f45b0cbddb733679d61d24bb77e5b750c012dcaf6d4451a29

  • SSDEEP

    49152:zW/1CY4zZdkjQYhbfNe8or/6MGPOneQnc:4CfwVF2r/6ieQn

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2