Extracted

• • Target

    7478d306c43b50a870384c1eba574ac0c3085ba665c0c49de832eab2326e3140.exe

  • Size

    2.0MB

  • MD5

    30fd70fd67c054a1a3bbc544b26df0a2

  • SHA1

    882e7f6365f7534b36ce892c951471d7a3f73428

  • SHA256

    7478d306c43b50a870384c1eba574ac0c3085ba665c0c49de832eab2326e3140

  • SHA512

    a1c559d4ca7acef19d24664b534e9e2e1c88702eff1788a8d7ac2b53bad9c0ba8788cd9f466f9816f292e42f03f5861357baefcb0c455484dd66f87b695b81f4

  • SSDEEP

    49152:F9kLwxx9G6Cy0YriO31KI7p+0Sin1T2XxaH2PwC4HB:faSGk0YriY1KI7pZh16XgH2E

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2