Extracted

• • Target

    f8b9bc1fd2af3813bfc5c6197a0d20448c21c86f703835782701092d10a1615a.exe

  • Size

    1.8MB

  • MD5

    2f595e9186b87cd4870ea38f16393d8f

  • SHA1

    4db3549b4dd7c93d8b795e8b194c8f3a105a2b6b

  • SHA256

    f8b9bc1fd2af3813bfc5c6197a0d20448c21c86f703835782701092d10a1615a

  • SHA512

    e1f8de211fb23c8e492dbf43301267f5712c886657c758b189594de80f9bf23f7428d235ad1672101989f544fa8d0185fd2cc70d78cf17a24649b6a59b5fdfc3

  • SSDEEP

    24576:nyrnZpBGO1cKZkRA+aaKDs1Cb10RxmasEdpxNG/7SZQL7Sd1mbjHqSUs5h2d7D2b:nyrnldZkR7ysG0XGEK/OMS6XK2yQJ

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2