Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    e5a48f23e7b32f452f9bf2e6bf42094c

  • SHA1

    4f95895d7a641793c3e603847c06ffd51fb29940

  • SHA256

    90a76e28f761c3a0580ec1b56eb241b57001091cac3d63378dec4368279103dd

  • SHA512

    3ad71818ffa0544e8c7e302c49a51b7e58b42543a0640a588e448d4d1ebb9e4b880e1869a634b7e66a2d11849eb2c68672b575f7b6386393bc02ff052293ded4

  • SSDEEP

    49152:LLrjKJvZOWRzfxWd7YVHqLU7of4A88ahonJr8AY5h/v:fvKmIzfxW5f+e4V4aT5

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2