Extracted

• • Target

    d0a18c1d84ebb376f2244ad1f79be69c981b97e0c17c1cc9d61bf73b8cf950b6.exe

  • Size

    2.1MB

  • MD5

    df4ea4a8afcceb8e19558408e42ea473

  • SHA1

    033bc0096ba5b468af9709be7e8df5ef6e1f6577

  • SHA256

    d0a18c1d84ebb376f2244ad1f79be69c981b97e0c17c1cc9d61bf73b8cf950b6

  • SHA512

    0a1d29d5e50469fdb5a785ad355fa8b6481d5da138bebf1b0499ec119c9299ec22d78abe5b6a2c9e7089a5ec2f6d1bc54ec972ef61c3ee3c246544974b068e38

  • SSDEEP

    49152:lQWI88VDzprCUuzK1jjzqCeaW0ypCVKLaCi804b4m3:WWZ8DyK1PzWhMKmCi80e3

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2