Extracted

• • Target

    2c1bd458de96fe88a598ed1668e614979a6c3caa9cbf150a5181faaf7d96b047.exe

  • Size

    2.0MB

  • MD5

    5ba2afcc26649c37e605a70fe412ca35

  • SHA1

    bbba659d5ea75b6b3599dc110e8faff8a239fd57

  • SHA256

    2c1bd458de96fe88a598ed1668e614979a6c3caa9cbf150a5181faaf7d96b047

  • SHA512

    d47f9856804ada2b6d73493173a9fa0fb94d7f78abeefb344813b77ab1050f8b9d0cda15dd0e36c035b537930b9b8d28939a26f61dfbf08531a5803e5711bc50

  • SSDEEP

    49152:qw9TbwsAWocvG6S5t5zbHX1XVWV4J6AaXten1Fh:qw9TbwhWouS53P16g6AaXC1F

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2