Extracted

• • Target

    f0c849084e61a7a2c7b86da07de2d72abc98e03e4f9a6c396c246046817da169.exe

  • Size

    1.7MB

  • MD5

    1b413d047eaf75ebaac69270367d449a

  • SHA1

    039a3a64b7ef3801426856cc41d7f65b06834826

  • SHA256

    f0c849084e61a7a2c7b86da07de2d72abc98e03e4f9a6c396c246046817da169

  • SHA512

    acb6774e4ff1f8a6b0a2257ba4dbe6c3b6c12742d4cd49bd5b510f20547188d6c0ed4a41e5219669ac347202c17b7cba751486a8a13889392cb1e3b32fec9bcd

  • SSDEEP

    49152:EvILHaQQ40GE2fyAYZ0FRPzYo7nT8CxQwMaqm1+teCaY:EQja74LE2fIqFRPzY+nAPAqmoeCa

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2