Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    942d8839790190a0b7269d587425c3ef

  • SHA1

    b61fb82d04980dc1453247536a95bb0f721eb59f

  • SHA256

    df99583b876c169028a4e9817489d6c3fe65c391903a9bf2db295cbabc4cdf63

  • SHA512

    1b8cb308198b9270637fc4d1cd65bcd4b685e93365b031af089730a67bc8e21d4bba143ef005c7f0294256b0bfec6ba0f8322f125cba5e5d65950cdc0336efa7

  • SSDEEP

    24576:iJOPLfOp3gaxn7RMZ1kcoel7BYjxe15w+OvCiuEcec1vbnvw1/cxY4bTTmtM8jau:HWGax7RMRDuxe7qChEeD80xPPmrGw+

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2