Extracted

• • Target

    3a40829c55f4ec87b90ef71e017a7c9f2fbe12f81e0ac4dbac6157d2dfb1f969.exe

  • Size

    2.0MB

  • MD5

    e9e08496a40c5a11165101ac24017cba

  • SHA1

    71a1821737417c3b3cf665361203532893413e61

  • SHA256

    3a40829c55f4ec87b90ef71e017a7c9f2fbe12f81e0ac4dbac6157d2dfb1f969

  • SHA512

    4e7170f6952f05b9f49e330f60454351b39fc4ed425f3ca5b3f957b1c8fd657e9b2e52c3ddae16893eaf69da6a56a1979e45b74797bcd1b46fd1c2e231ab7883

  • SSDEEP

    49152:O/oAL2TPzCrmYAr9nwiihSG77c7lL3yMqk132U0rzm1Fktj:ELizCrmYA1wiihR7alTf32U0rSFk

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2