Extracted

• • Target

    88359e2cf798ed00c4be01cf59eba68ca2a60d47084c4b066a5b294dc3fafa7d.exe

  • Size

    1.7MB

  • MD5

    6032908392c4951140ecb7830b0a0538

  • SHA1

    13a821604c15f9947c076c2f705c4e8b085050f5

  • SHA256

    88359e2cf798ed00c4be01cf59eba68ca2a60d47084c4b066a5b294dc3fafa7d

  • SHA512

    c61dd54a543a7c8f2c79da920b5fe518ab328595299445742d9bbc65abf1166e20399ab40f2be395126d413a7699458b32bcc64c6b40eda8f1d44fc5052630f3

  • SSDEEP

    49152:vXwnELO1aTOxRI8Vp2qcjkQBqOq+51YIEXy8Fllec:vXwnEy1KOQ8VoOO35CIEJlf

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2