Extracted

• • Target

    61503aab6e8bb537631115556cf898894274211cae16c143081c2912532a018e.exe

  • Size

    2.0MB

  • MD5

    c17ed24e02488677c15a7f9af66a0aba

  • SHA1

    222cf4373cb4d9f05dccd3e2745a4b19cb4dd29f

  • SHA256

    61503aab6e8bb537631115556cf898894274211cae16c143081c2912532a018e

  • SHA512

    031737664e0233b9e3f96bb19263d6b02de181255c9ab78fc7d8bdebd7733e5e67652715222fdfcb6d1303648bdd01a8b5da6f21adf6ad85fafccdf16b7fb451

  • SSDEEP

    49152:l+UT9u2iXY1pBSxJs/OjJcUgzQZobZo1W:l+sZiXYZSPy19o1W

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2