Extracted

• • Target

    file.exe

  • Size

    1.8MB

  • MD5

    89676498227249b42b5c88230fd71a9d

  • SHA1

    0532d73e8071bfe4509ebb7ef19c90f0e90b336b

  • SHA256

    1d27442326e89ab0bffbd66e324b243351fb284a64fc3351ec94a7a79902ecf9

  • SHA512

    d727d94e81d2c4840c946d9f4fcc0dd59a421bf3d1faeda9eb53872ec2bcdcf4e5ef52fe4f5e21334b67ef4cae38a231028fbab3bd63e31f1b59b6ae56c8005d

  • SSDEEP

    24576:AP/ZoleUqE2DF297I0b3Y9mtfytfV7NCZK2GUg9Mvd3yE98V7TlkKSmwSYoS922W:WokUqO7I08sZ81IZKJ/9Gy+4no6I4

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2