Extracted

• • Target

    8d801922c816249958e835a8186617652a5b7ecb8352afe5d9c9e924556f908c.exe

  • Size

    1.8MB

  • MD5

    fa5ff3c5705f9daedecdc67e17448707

  • SHA1

    8c6bc9fa717284632d292c30ec7442787c04387a

  • SHA256

    8d801922c816249958e835a8186617652a5b7ecb8352afe5d9c9e924556f908c

  • SHA512

    e5e519fae906b49b5ab358a28ca4a1f8e8ecbe30025ff64e0fb06082f4ac9581904eb162140e162a8638962edd0935c81ca9e7da634f6d81acf5291e6504ad52

  • SSDEEP

    49152:J6cMo8LwRCUnx8quXy42AKEPRDrRZmUWC6vE:QcZkJUn0XyxAKy/mpM

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2