Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    2fde3af8c4c3f8d48b84383c63dab715

  • SHA1

    f4463eb91c104176825e01a0f345e6ec732e8119

  • SHA256

    0f080dc2456a574a26e769774b11917771e160adaf7c47e07c314e9fcd83cb5a

  • SHA512

    6ab59be279b47f0c4a9496057b488bb2f85776f79d1e50925a75584adc37d75f6d359b487e0957049e6a5537c6873ec7feec43a828c31af67e56982239b87168

  • SSDEEP

    49152:ldIuId3HGYCCyyoe6HqAxaNAxpfMhysQ4u9V:/5Id2YQtqPNOpf74u

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2