Extracted

• • Target

    bee50744a16bd59e87b06e58043e3efd7bd2d3fb31f25e4481a9ea498e181194.exe

  • Size

    1.7MB

  • MD5

    bc7e15f0d547a97f33b7084eb8bb6e35

  • SHA1

    83ee297f1a2f1651c6596c5349614ea27e4643d5

  • SHA256

    bee50744a16bd59e87b06e58043e3efd7bd2d3fb31f25e4481a9ea498e181194

  • SHA512

    e02e938300749d0c12b14a7b58c7cbd5bb0ab24680313bdcce95aef40403dcebfd10e1ce9f27088e6540fb21e5df70e09b296eeca832e165c74f4cf72b08b1ae

  • SSDEEP

    49152:LNBT0HaEo1FfN7IBTXRFIYx8XmRET4aQV8pfk:5BTtRFeTBFI0JXdIfk

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2