Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    ae9d1a7fda26b4af1dd0cbe643195a42

  • SHA1

    9bc4e5402027dd78e74378e4e2e0565765fbb2c1

  • SHA256

    621533611563869b9418b2b7672c49e40e8087447ac58a72666df78cfd03acbb

  • SHA512

    769feb3b698408b6b47ab1ec98dfe5e43e5b2d0bfff5ba6c87d043159e13cfa94028acec95409aa31e973e8ea0544be95a27909970174327478f1fcadcb44c8e

  • SSDEEP

    49152:jQSUFSZwcbVBaRmjHsHZbMdVEQIPSTEfjlIVUj63TbzWNd:jbvaRHHRMdVDIKOCAwTwd

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2