Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    915ecb2949f1c2ad737caa35856b4584

  • SHA1

    deaf66961d8b2dda755377ab791b8907b71cf9b5

  • SHA256

    9784693e6d3fe06c253e47536652da2ac85aa94b2d05d83230b2f9734529f854

  • SHA512

    bb015aeefc7151b3976e7643a143a0b9e3c47ab93d876186af9bd5dd582e900e21662f177f62021db803289b38d69839d26d463bf7d954ef8ab319289346cf0a

  • SSDEEP

    49152:aIGvHJ5IqgYd4DInvoXmnNDCcdYUDSJ5wup:aIUIqgYd40nvNDp45Rp

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2