Extracted

• • Target

    file.exe

  • Size

    2.1MB

  • MD5

    4a1ecd263f814b6e853f0fb85f405a79

  • SHA1

    a41ff8ee67a1965ab0f13e9a8a6432338ba806bc

  • SHA256

    a14d98efb427a2f880155d0f0e6c5983ad1046283ccd2503d4e6689d7852b074

  • SHA512

    ec0d2b0cc8cd1c9d9957a36e85c368eeaa5dd1b7bfea29048bc8bdcb3b04a4e2cee0848a3838638d4c4924948d4b490b310a5ae84a7680ba038a38b19d5ef819

  • SSDEEP

    49152:7AKMUq8dRQ5/PUyj5GLVNMP/G2FX34pw6YTQd:aWdRMPjQVNMP/GmYw6YTQd

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2