Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    d725dff9e3af44d7c1f428fef183a266

  • SHA1

    8a4b981ee60684570c7b43d955a3b6fc23edbb2d

  • SHA256

    6cba1aeb12a0bad5e66d272588d72b76c765a33335760e6b6e96c355908fb294

  • SHA512

    a0de7ef1460f16504c541c74461da8b76199957b0634e1b93c1a6d450bbdbde5e3f3ab72bc5dfb54306a98943fd8814896dbac634f0f4d6105de1523c805d8ea

  • SSDEEP

    49152:u/AFgHb2iVxozRBMIOHiHT7nYiSgUM7lHw:u/DHJwLMIPN7b7lHw

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2