Extracted

• • Target

    EIB3A_file.exe

  • Size

    1.7MB

  • MD5

    d2156fe745a5dbf3303a799a82d736e0

  • SHA1

    04530b3ff60a8d706ffcc2ec0d7df2ae0ea1377d

  • SHA256

    1ecff112836437d181652efe29d69f6970b6bd8d9ec924f2fad5a03874d960ae

  • SHA512

    4aca71a25c6599961f20a058c4106981cbc375aae567b0cc6e361391716a37dac7ac079baa40036406a0d6d9376d36a8cb73b7d275b5c5c17571e2650d044829

  • SSDEEP

    24576:K5O4xwSRvGX7Oa2le2aX7vp79zM/o11AU/S0fg106etQmxzNwOP17m2wTpJn/EEQ:GRvAO+2wbpRM/AOySgG0Fjwu7mbl6T

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2