Extracted

• • Target

    7b01c8a4a7c7efa68631acb7979c62672b51cdd464ec181564db8578f0a26187.exe

  • Size

    2.1MB

  • MD5

    47bd0f65bdd541918d45ecddc51e18b3

  • SHA1

    1f3dd28e412bd2875f15d4c6df882feac5268b04

  • SHA256

    7b01c8a4a7c7efa68631acb7979c62672b51cdd464ec181564db8578f0a26187

  • SHA512

    e2853fe2bb2edcef933e57ccca76c234e8115c630598bdf6af0c6dea32c01d90d0ad83122b72b1daf620eef4bf946e0b0295536afae9c097a03828f3149f9808

  • SSDEEP

    49152:qMpNaNrfpTZ0chaE/+GSvNcIQ8EVcuFPb+9:h6NNTZ0LE/BS6ZV1jm

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2