Extracted

• • Target

    46c4ea3a2dd1a90ccf1db730d55ac8398df682955022bdd4f6596ee63f044bec.exe

  • Size

    2.0MB

  • MD5

    77ab35e94aa19136da2e52a77ab4b563

  • SHA1

    1efb8a56707a511ac73fe3e056a6485bae7a9551

  • SHA256

    46c4ea3a2dd1a90ccf1db730d55ac8398df682955022bdd4f6596ee63f044bec

  • SHA512

    c30a7f7f29866adf628f37bc63a94d3c0855f90642de16b5c528ce4da10c42e037f8f5f876a328553058c253dc9f797784ba0ee1f4dfa7401d06678b42cfb5ea

  • SSDEEP

    49152:zwF7jt7uTl2Du3Y5y6IstEy2qQvJ8DkLzd5JPn:sxt7uTlzu17XyaD6rh

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2