Extracted

• • Target

    file.exe

  • Size

    2.0MB

  • MD5

    3bfc4d0c1919dcab09a734d1a552a012

  • SHA1

    b748424b48ec7e52ae249566d9a6edceaed3691d

  • SHA256

    7984d55eb2702a1d13486c38ebfff582138d73280895dac749b9ec6010f891f3

  • SHA512

    e8a411d0342774913ccaddcd3767c518ed3bfac1b52f9f8a263b45a132cf2c043106dc1404e1d5a36c5cbb01b81a0a54b4a4a89007bf320bfb9d8416607fd4ca

  • SSDEEP

    49152:iotH+obcn30mlAAliS/UgOfGuxFfbPE41Oouct8Pq:xteobcEqcdgcfjE49uct8Pq

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2