Extracted

• • Target

    c2295f41e3e74394823ebc9f99265d4021de67f36e3c257600d610781e2f4ffb.exe

  • Size

    2.1MB

  • MD5

    5c4e5d818a24cb9d69fc18ce0dbbd9be

  • SHA1

    618a41b2cd9fcd1307a120f3cd78b86862b25d4c

  • SHA256

    c2295f41e3e74394823ebc9f99265d4021de67f36e3c257600d610781e2f4ffb

  • SHA512

    93dcc942a9adc63d7457106277e65d0c665c9215d47e266e3fa061ad3247e763747ae5fbe15e255995b674322a65635479eb0b6afd81e5db9f6fc997e96619a8

  • SSDEEP

    49152:TB4MjYlOtMZj8GMeQYJAf9Pk36xaCevKFbMIbJo:1Y4yj8GAxyoFb7

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2