Extracted

• • Target

    fd0fc806cb6f10db240f67cf279a3a0cd42b532fac0f46ab8dc50bbb135a0348.exe

  • Size

    1.7MB

  • MD5

    b4ee41c7b74867c45fcaf404a2b110d9

  • SHA1

    e88014bc749aac28a91439749b9147167c3aeded

  • SHA256

    fd0fc806cb6f10db240f67cf279a3a0cd42b532fac0f46ab8dc50bbb135a0348

  • SHA512

    cbd28148736d9308b1a4ba22448cbae625f9f6579b5c9a21a161e22e4086687df020e43c6e15e2205c108d0f3265b692b1b27b66d77d96c650c584f0dcf4675f

  • SSDEEP

    49152:4yh6egfj+MefPacdainejo0OeG3gMcHgv/5yDP:4yh61fj+5yc0JpNFTE/wDP

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2