Extracted

• • Target

    0083dad1f51d5a65b3ca42121af8f656831bddda11a96572f7429d2b8b1a0ea6.exe

  • Size

    1.7MB

  • MD5

    5159e84d71f4e3486d068c78a9619c3f

  • SHA1

    efe6a45717b2f98010a1cedb1055e23554776968

  • SHA256

    0083dad1f51d5a65b3ca42121af8f656831bddda11a96572f7429d2b8b1a0ea6

  • SHA512

    d96e03d47951044a9f67950e17111ac98a78b4cbc2727f02793cbcdc90c6e1a24370d9b45329e2dd5032759197996749906e4629e8520b8eae18dcdedf08d869

  • SSDEEP

    49152:o4nWwEYIzjyQPfn/n6+iAUtcyZX8kpTelD48i9:oWkqif/n6DADAskTSDRi9

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2