Extracted

• • Target

    baaca898ba8276710371fbac05c9d59b7ea8e29faa7dff6b918a57df7653b1c8.exe

  • Size

    2.0MB

  • MD5

    77b725a71c9d021832d6820fd4132e23

  • SHA1

    12cbaaaabaff54cc0a2dd6e2f2eae581a7f5498c

  • SHA256

    baaca898ba8276710371fbac05c9d59b7ea8e29faa7dff6b918a57df7653b1c8

  • SHA512

    aae27318fdc9a9fb045f275b171be654b9a6a0e5121fbb2dba33d20d202fdbf54083aaec8fceb54f5421032efabe0082c86aacc614085005455f5bcf30c5a8f1

  • SSDEEP

    49152:aQzNU7+uxkLbYTZjRmm8QtdPw3q1FQzSsyqqkTvT67YO7:lzNU7+uK3IyV30FQuIqkDT6p

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2