Extracted

• • Target

    ee65744917796f7b801c5680c7e94e96674954e1fce7bfffcfb033fd63330b18.exe

  • Size

    2.0MB

  • MD5

    419b00e8e66411cb60175e8d8b41d92d

  • SHA1

    25380d5b02809bc7d24beca859fd9ef1cc5441d4

  • SHA256

    ee65744917796f7b801c5680c7e94e96674954e1fce7bfffcfb033fd63330b18

  • SHA512

    774332a144fd9890e364b48192b7dd0f3e8c61121fe680ea74ed981afba43c8869dfc504d54992c5351592e5408bee44e6a97ddbf151abf6caf7028f44ff637b

  • SSDEEP

    49152:g8vuj8Y9kvaUvvO2vFDZNQRAzgUUCXH1pnh4Jb:9vuIY9kJFcAzp/H13

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2