Extracted

• • Target

    d729e5ca94577644c249e1534a56301da41832b32e81bc4866742a908359238e.exe

  • Size

    1.8MB

  • MD5

    ff8eb93e00cf8c24c14b4a9b713f2115

  • SHA1

    928bf41910af49788bfa067e0302312b33c9fb5b

  • SHA256

    d729e5ca94577644c249e1534a56301da41832b32e81bc4866742a908359238e

  • SHA512

    1147cb55542da0a15c26d60f2a8f4e69580259dccdfb69ed938666123b679f9fad2cf169aafaf47286721c67fade42b3e87c5c2a089bcd239513c5b3074430a9

  • SSDEEP

    49152:2EH/jBAM9sx3cSxzRDma8FUc/g3k1skFtnLJq1rjf:3fqgWfxtDB8Fs01skFtn1mj

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2