Extracted

• • Target

    f7b28824e3a45ba5f96b6c0d2233dd9f818912f7e6b69d2a5a037c8823220621N.exe

  • Size

    1.7MB

  • MD5

    cc4814443625e3d73a4ce191873a2990

  • SHA1

    d4044b6f955b0b5303471f49da0e8af46bb66a3c

  • SHA256

    f7b28824e3a45ba5f96b6c0d2233dd9f818912f7e6b69d2a5a037c8823220621

  • SHA512

    4c309e78f5846df7b67ac45ded7072ae9dcde7c7dd799b0563395726b4901c6e60d814e8d540a9c1b4084e5c94d961a7eb9623b292bdb5b15760f5015c172aaa

  • SSDEEP

    24576:IbK1O9Vn0uAT5YjrsePX8mbLsZGzQst7OsU/VfNLHxUhkKeq4KdtFuN:IX9VndyYjrsePMokGzQs7aNLRckxS7F

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2