Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    9be218ad3dd725bda61f77750bb61737

  • SHA1

    9ae7a8fc6639474c7ff947052b63c7ba29254579

  • SHA256

    b00dafb7f1ee2b54c3ea0efa80a42118f2e3bf3b233ce4c274553bb7d7dcda8a

  • SHA512

    13d1a7c0d345ce93e14e87536c5ca3397ce9e0025aa917cbba7eedabdda2848820e1e26440933f017e3e1965116f872d31b301961760505e2aed51f946aca29c

  • SSDEEP

    49152:5KnuhAcECFuEuTzDG7Jc+xwtMSiNG1ayp4dOpR:quuNC8EunKc+StMSiE1ayp4EpR

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2