Extracted

• • Target

    c7c9885abbbc9d86738f51b6ba95e6161794108eb0866a5271dd208d041677f3.exe

  • Size

    2.0MB

  • MD5

    ced67189f5873fc99e7bc67d680c45a6

  • SHA1

    f6b408a1686478ef5d1167758860606699bdd9c0

  • SHA256

    c7c9885abbbc9d86738f51b6ba95e6161794108eb0866a5271dd208d041677f3

  • SHA512

    b243dfcda134a6409aa6581f80afc0f98544ac736e13e91870e5a4f10b6ff47cae8523ded486c2e54952dbc362665f1a93c050376f6105810f1f8b4357fc93d0

  • SSDEEP

    49152:cdJp996RrmvV4CaT9qJGx0Yf5Aw1OLniyB8n6s:cXp9IR6vCCbM8

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2