Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    590f51be06bdc817a6301c026a725952

  • SHA1

    b0c6b41b2e15d86b18ca965841fe0d0935939876

  • SHA256

    70667fe956c5b94d5b1e559bfcbd06b31fbba00dc238f9d79aa6fe058f212b86

  • SHA512

    ba7d12a71e2b2d84d5d5696c2b4230c48a1483868e562ec300bbf7bb3c0df213fb7f92ffb6fdb0c5c4ffa35d71cb4078ae6e2c975ab3aeccf1b2ec0b65d68783

  • SSDEEP

    49152:mJCmo096p74iqDjUPf1fudfYWJ5/n7oUuYjRoY:r4i0IdfGhRuYjRo

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2