Extracted

• • Target

    f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972.exe

  • Size

    1.7MB

  • MD5

    f82d9cecd341af38b222a4306bc0588a

  • SHA1

    3359c049fe7cdb1867c8e19fb9d4c8ad54432b6f

  • SHA256

    f5622ec8edbadee157c022829ea267ee17ca517e9f306f0712c425024615f972

  • SHA512

    153ffc9b6d8fccbd8fb5cbf493177ecc1e0af5488c09409574ad64b392e66d59fad6fa7c88087ca57f47007aa15db084c7bc8ced81f88391d069fac4fff7eae6

  • SSDEEP

    49152:jFUgC1CbpZKv4iGSpXTDssKnhJ062HGFFhyeOJUIRFops32LF:prRbpDSpDQRhJ06yGF7yrV34

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2