Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    4bad8287c5a86eece84ae3eeef0e3ece

  • SHA1

    241ff4e835e0a51700838430a596e197259b3ee2

  • SHA256

    d605ba8b1c39b46eb25930d626732370bc4fbe2552a047fad1db96c2f7086d58

  • SHA512

    9e4e47dd222e5076d7384b395b8af7586536aa7358b576fb7813e59b4a6b7ca90da74a58702b68160cb01b2ba0b6c354509df8dad2dde5d10ac17fdebf2c21ea

  • SSDEEP

    49152:4ucGQoTHEJRMRseP6WimqVqX+WNdS9Crias7U6yJ:42HE8VPum2b4d6U6y

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2