Extracted

• • Target

    8ad021742723e3f870c9f6d4841765e2bdae42aa8f6c9a8435d1617aa0abd9c1.exe

  • Size

    1.7MB

  • MD5

    ede7bb1aa29b10ac0639651d548d5e5b

  • SHA1

    299ad0cd930fa5fb30e48221d4a7a7bf520c8440

  • SHA256

    8ad021742723e3f870c9f6d4841765e2bdae42aa8f6c9a8435d1617aa0abd9c1

  • SHA512

    5e2f6050e57692f62738cfc5f1f2c6966c4de4b1c34a45b170e7afc23f8f9ac0c82d5627b39546777c9d64021a1ebce25b45a23949dd56d5bc4244afac77a090

  • SSDEEP

    24576:2mUiRAmjMLSR3wVtv9jy3wDeSSfKXIpuEZOaP9dOl2s4g3deQSiuKfDekBbzy2cB:2X+MLS5ktcueSaK/EFje3u0Ccz5U

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2