Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    cb78b3cf97d74f0540679225a564e8b0

  • SHA1

    95b72e4eb9f28a6534e1d902f802f2988ad6735f

  • SHA256

    3427282a0e679abf14880c48f47728c97e1c3f870d1bf3bc0116736f3abde675

  • SHA512

    88f693df96058aa6f91ba582ce5c213e9c7761eeb1379b8993c4de83b106632083cd90bbd3eba98a4038b6b951adf81f7f64e7bab903eba431ee4497abd5cde6

  • SSDEEP

    49152:K4sd0B4xleENLXG5uPufXJztveHofL1rAh:AOMl5NLXG5uPuRgof2h

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2