Extracted

• • Target

    26be2c3d18724db12da420e2c591d4d31e19057bee795cc1b64febb08f5ab717.exe

  • Size

    1.8MB

  • MD5

    7c417f9adfd8e368f6c9c5b46dc08397

  • SHA1

    032bfe5ef2b2fca51751812f127f0de47e42c541

  • SHA256

    26be2c3d18724db12da420e2c591d4d31e19057bee795cc1b64febb08f5ab717

  • SHA512

    092071c05f458d55112b552e2c94646729c987a6e9be78862102310159dab752f18e1bc10b56dd6fc6263d2aeb6ea6dd4daab21024fbb1adff1b805308f865bf

  • SSDEEP

    49152:aSj3C9cP6CMpA9/wRSdTRIewPsmsebIBfQoG:pAcP6f69YRoTRIewcebOHG

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2