Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    95971c759ebca3d179ab9305188360cf

  • SHA1

    8bfac4ee7175aa24dfa9e308840f4245efc0c3f9

  • SHA256

    82c9c6fb94030e3955091fc37523491c98325ed84adf8a3116c3ab79efddb4ac

  • SHA512

    da6669201c845626183cf6abb4f4b40c91f44bbac1115e856903317ee3febb62cf340acd77b27a1dbab0e9d6c74108b3ef0304728d6e46056cacd4a0da2c6dd6

  • SSDEEP

    24576:zTsRmAqTki8jQGppX/frO5mAAmjzK8DtH+oBqvST/kIc0E7O7quwKkxe:cRcTQ95rO55A2zK8xeoBqEsIya6Kh

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2