Extracted

• • Target

    f5f9cfc7b37767cd37bc2ab65fff311cd996cdeedef53a1b6fe280cdc5e04032.exe

  • Size

    1.7MB

  • MD5

    8c287fce1573479e65cbf66c48609da8

  • SHA1

    afb805c99680be2ec2e12382aa30db63b5259e14

  • SHA256

    f5f9cfc7b37767cd37bc2ab65fff311cd996cdeedef53a1b6fe280cdc5e04032

  • SHA512

    67c1856fca495d199b6786c820db18429f050792be8ce01139cfb6227c51169450e889377a4b673cd2b83a4adb984fad0178aebe656168b452d76c7f2cb9b8c8

  • SSDEEP

    49152:prCkttH7saGakEFF2sYpAp4Tx/LiDYE0:prf15FKs6TNL

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2