Extracted

• • Target

    78acc977d365d9075289d4ff22a1bd8abe0b36dd31d541d2fb1da955acba891a.exe

  • Size

    1.7MB

  • MD5

    44acf94c8bd127aa013100bfc3267a07

  • SHA1

    8e0d785a056d6dceb2eaa65b13e4108676b64d82

  • SHA256

    78acc977d365d9075289d4ff22a1bd8abe0b36dd31d541d2fb1da955acba891a

  • SHA512

    8d2ee0e26292c1fc11bbcfbd6150bb43e74cb11a52e0c6cb591ca59ee5bd622dc94b3c1e1f2a2d53e1862086e1a0c46b60bb691948fad36858901e74779dca81

  • SSDEEP

    49152:3OpiRmhdO3JWgzhfJI1eYxVA/I5QCaQGgHItBYBYGngH8B7:3OoCdOUgtf6w6VA/CGaj7

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2