Extracted

• • Target

    ad161aa94fcfe0207e006157534bb53d03fc5532ed6eeb9f0416f0ab34abe877.exe

  • Size

    1.7MB

  • MD5

    38f264cb7053111379d672bfc863040c

  • SHA1

    5a90adc841bc1a253b20358c4699556cb61317cb

  • SHA256

    ad161aa94fcfe0207e006157534bb53d03fc5532ed6eeb9f0416f0ab34abe877

  • SHA512

    51ed1b49931adb108edf08bce0fd9b7ad25872ee56d82487359a4ca05129f6c54f9ef338995400757e79260fc902849b63b1273dd30e95d6aba5b6d5053984b6

  • SSDEEP

    49152:6Z+u0Io0uNP//L7OaTShOKZ4bYFYb4/r7g:6wu0Iq17zJKZViCg

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2