Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    4b517665a74a84df87d5360aa6560efb

  • SHA1

    8e2981eaf255f7e1cc90da8b494148281769bcb4

  • SHA256

    462b590df7f786de4cb422be74146d935f45d47008a25fe26979f3737f3dd972

  • SHA512

    98bd7c367a1c98eb8bacc975f5cd1a9302d68f6661af529f173fa9f2433ab773aed7c9a6fc8b41b654fffd3514443ec1804b86b747baf9b0d9381ce7d6b388ee

  • SSDEEP

    49152:LKaFTLAwjiRsaAe9BOKRdqo0GQtTyWHIQ:2onjiyaAeOKRdEGETy

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2