Extracted

• • Target

    HZY10_file.exe

  • Size

    1.7MB

  • MD5

    0e05441bffbe8e424ed49ccd5af1ce65

  • SHA1

    a9d995171095a1aa14f4f13bc6063f339aaac768

  • SHA256

    327b96e7de0c91b4799d730b5c18641fe694ab2e367f1a1d7665dbca7e37aba9

  • SHA512

    ef22c5679124e5fa84816781f595b13212734f840ce72e50f46226e3ccb317da56db3085441cc799c548994155dc374a6533d32f979e5d4364a6e2ab21e5ae95

  • SSDEEP

    24576:xs4Zsal7DkIKq9GGepHGwToQ7wtRGsTEjhWI+pjoFsMH9tTBIWW7xXp2AJ9vU:GQV9GpHGwTyGsYjhe6FF9UH2Aj

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2