Extracted

• • Target

    16c7ce027ab12f1254d43cc2b6b5cb8fdc5e257b95baf14f001b232597118a38.exe

  • Size

    1.7MB

  • MD5

    1985940ef71e9d231331fe3e14e49aeb

  • SHA1

    57811d06521e1afe48fd339cc8d35f6986b0132e

  • SHA256

    16c7ce027ab12f1254d43cc2b6b5cb8fdc5e257b95baf14f001b232597118a38

  • SHA512

    1b8c52c50938797425b9d9eae0f674bda97ebed977f142c8300369c69804dc06b7433437025d3c10896db234f07b4ef936407ea9f2ebf9b568301bcaab4be17a

  • SSDEEP

    49152:toBu4wjPsAgeUE+SERjvwfG1SxNGtvloFa:+egJvOGkbKloFa

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2