Extracted

• • Target

    file.exe

  • Size

    2.1MB

  • MD5

    55358d794dcc2ca7ed8167f6efa19d1e

  • SHA1

    dbbb0c51b1806291668092b573098bdfb31e0dc4

  • SHA256

    a96804ad4921a6d278b7d44b12a3d29f9fc9e3646e8ac63c811c75d1bf6ce90a

  • SHA512

    a1b9c098eabcfb0a579e7f65d36228920f882ca1ab57afc748280c90ca265d826b7e2a69845f9a35527744d64fae26ecc10ea6b3674ab1eebfaaf5827bc07644

  • SSDEEP

    49152:GK5KjQF80T0tYKUwsDkV+sri4nQm03dIH8hAID/xA:GKFAZsDkV+srJnn0tIH8uU

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2