Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    a0e3200d0547b77804794f31e2570e0a

  • SHA1

    4615e12b5b32112ace009dea7944481d5ec914a6

  • SHA256

    ab464533e36194f803441eb419712e0c1487079b73e89956a370654f395cdb23

  • SHA512

    28eaf8327704726985062c405875fecd0ed794d953f96547022c708c076e113af09fd5b8b364897e70a0aeacf4d056a7a2232d28527f2db47121ffd2c22b826a

  • SSDEEP

    24576:XPvVNUDuoQwa1iuFcfxNfgctGzn51sMJv4NacO+ADaf6/B6Bm85nHFXZLqex9GZr:nTAXzJNfgv91sM94ocEi6/qnlXpOd5F

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2