Extracted

• • Target

    34a0940b32c70247f709781741607494ebbfdcc760537d983fe37b7220b26a14.exe

  • Size

    1.7MB

  • MD5

    6bf3f9cb874d4f0856c43f009706beb6

  • SHA1

    3a8e49ff67388ee47dd2fd927e6f201550bcc62e

  • SHA256

    34a0940b32c70247f709781741607494ebbfdcc760537d983fe37b7220b26a14

  • SHA512

    5d6a9a8bfaffe26798e11d7e4da6d52ea00a0fe635cec84bc2f82c3150a603b541200bfc700aa0c6d09e5555aaf56b7048611b59f6d4a978d27da39d52fbe085

  • SSDEEP

    49152:QPmQM+Gd813P3DiLPdDu41YAslYyJmteqiccw8:8tLJ/idDuqY/YyJMEw8

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2