Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    f8130f10566598b947b7bb832ea69cdc

  • SHA1

    100bfbbf8a24435f4e43230acbd9a95f48edb0fe

  • SHA256

    b97c1c3fd5c344ed61aea9bbaef5b58d53536a8294cee89020f0121fbc5eac36

  • SHA512

    7c84a020c432e5df530344931033cff64804b66f82a3884426a55d564d9d6be61709c57422a6331f3af7bbec3231cbd4e3ae8491e5f23b3491f065f382b20c39

  • SSDEEP

    24576:engJcwgDBj9qz9ZV2cf4DB9CtNBBGEXSUrpqJY3SDCCBp2Zaym0Fp:IgJclF9qwcgDBI9BGWSUll31ky

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2