Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    81380b3f4700458353f68405ba69f471

  • SHA1

    2c51c11246200de63ac0121df7fc94545f0aef38

  • SHA256

    5b039e26817ac3dde3340af44180e943e7823936cb537342e8a818e5d8705908

  • SHA512

    a59cd918a59a2aef818e2974579026a1ab344bfe658e23954550b6c2d44df2285d5365cd60d4086c60d4234ed8616546826d9ed66634150f0d4fde8702e0ff3f

  • SSDEEP

    24576:8KiYYsFZEkLMfHBj9SckDSBaCJcHl7XSPCtLP13h65igzXV0v5qrUKzuThUaU3SR:8HYYVk8j9LkDfrnhy7Wv5GBzEhmiDd

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2