Extracted

• • Target

    26711a4c32193e82db0ecc58bfc95d9482f111d1389314029432f228fbdb75e0.exe

  • Size

    2.0MB

  • MD5

    fdd09e1d35cbc3837a26255801aacb53

  • SHA1

    c6a5b12ae933c9cb222b3d8a5ebb4bd432e22b95

  • SHA256

    26711a4c32193e82db0ecc58bfc95d9482f111d1389314029432f228fbdb75e0

  • SHA512

    7f52301a06f6f0fb4d6eaf07a784e45a9cd9bb275754aae59bf1a2139af1304d296da21777e2c0e52f2b8c876a4cea5ef35a6bd574135b1256714d6304087750

  • SSDEEP

    49152:4jcIeE9yj6mFGZ3fF2tTuLDnyMCNhYHz/6Ek5l:4jcIlQDFM3mTuHCNAGr

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2