Extracted

• • Target

    d49f1d22fcbeb7167938a73180c3f88b984eb712458fdd29945bd32aed613ca5.exe

  • Size

    2.1MB

  • MD5

    d6866be0728d336b4ae8911c91ed08c3

  • SHA1

    be634114f24dc3c8aee37f97c47cb5ac930cc7e0

  • SHA256

    d49f1d22fcbeb7167938a73180c3f88b984eb712458fdd29945bd32aed613ca5

  • SHA512

    ac153141ed39158389d72c583f81e805046eb1d914bd847aafbd3f7d6783262953410c2b7542790682f27b31d00eda1a8acd6feecc06d2b94794a25114c20151

  • SSDEEP

    49152:c9JHoTwRJIbv7hzahtEl770Z3XGETcnbcBdKuG3e8JKK:cXHoYe/hGU/EXmcbKD3e8s

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2