Extracted

• • Target

    82f616d52b57206c3a4147690fd1df62f63b0965dc12258818096f8b1917ac5a.exe

  • Size

    2.0MB

  • MD5

    0e727adf626e2e2ddc804235356a8c7d

  • SHA1

    246dbe1396fa725ee66e935e7ffb34fe9d2df182

  • SHA256

    82f616d52b57206c3a4147690fd1df62f63b0965dc12258818096f8b1917ac5a

  • SHA512

    3470449d60003867f70af55ff61297abd1412dfcfd8f0be97f8c1487f9992da0c5d1e889cf79aaf751566f023935c2cd00918d1096d85a7ed67879c2ea7ea8bb

  • SSDEEP

    49152:TSVtiL1aHWCLrMLibDNiwmYEATbVvFrd1:Tb1cWlaIwmYEAvrrd

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2