Extracted

• • Target

    588c31a110bce2363981fcd31c6de05857b0c7a58f173a2b3d535d448f2b4d0b.exe

  • Size

    1.7MB

  • MD5

    196dd30fdb8a4fedf3248d9be04ccfb2

  • SHA1

    7ffc7042e35eb5f85c68a77b24027d7198f9733f

  • SHA256

    588c31a110bce2363981fcd31c6de05857b0c7a58f173a2b3d535d448f2b4d0b

  • SHA512

    6ff183dcaa90ac5e046b54ee5a430b321ad15a7a443bb70d272857da037c3d4dc6955977daf98cab97fac6e927b831bcbd7e44fb1bc43625621e0b2cf7f6b092

  • SSDEEP

    24576:K5O4xwSRvGX7Oa2le2aX7vp79zM/o11AU/S0fg106etQmxzNwOP17m2wTpJn/EEp:GRvAO+2wbpRM/AOySgG0Fjwu7mbl6T4

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2