Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    b3cec29dfcc248bc4f4f33ff5ba14470

  • SHA1

    389dc1f719b34841eaa55c8e81ce0f773fea3acf

  • SHA256

    841e3ab686e632551e2229d68366490832987ab47d308c54f6817f3e13a5ff52

  • SHA512

    85803678ee823025990a8377b0b51335be58365bc1fcabff37e4ed1330b93438bbbb94e40908f3ccaea4631ba5d155d0391198ee3639630bd981cfedfdc5828a

  • SSDEEP

    49152:eZVwZPBu0P7eKyJFw0RfC4xtyZZ3z5Xz+lQQCf2cj9:eV+PBbLdCbDY3t2HG

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2