Extracted

• • Target

    49c1d6ef14144142410cc0b2c721bc31ddc68135324368d6c6e72d6a92135368.exe

  • Size

    1.7MB

  • MD5

    13bed40cfbeb3183a3108f41fc50a0e3

  • SHA1

    a6e037a3bcaeb8b4d43447877e9c838f2b12e7e5

  • SHA256

    49c1d6ef14144142410cc0b2c721bc31ddc68135324368d6c6e72d6a92135368

  • SHA512

    1dd1880943b051c2d483e568f0dde97a8c0973762b6331d5c452d8a9f1011b3b38c4621ae60f2bf5cdf7571afa8bd928e1db216a19ccb3658c3b0ba0afcd6c80

  • SSDEEP

    49152:xU9+qhQuGyU+eN3agyYmYhIHWpBsfgvGY85PMMvVa:xU9HU+EbyJYWHiB3GYkUwa

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2