Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    530e26ec447068df05da5ce1caf07cf4

  • SHA1

    0d9c6a7b244cda38641108a32567b1434981e348

  • SHA256

    07b2957c5d74daabcad1b01d1735b9863b9d2afbb4e8bd4b18f8d7293229c723

  • SHA512

    58f2b21258784365c293d85cfd2ed8b161cd0d3a6cb1f06f7b1b34dc0a709a345feabc7611373ccdb7ebaf84c7477e9b7c2c6a68a021049fd2a646d4a4d6c667

  • SSDEEP

    24576:KKrtqsntq82TVAkoPYhP7UgQ9dikF6MgWb8umVTXBmJzCLpDWEOF8etv0IjXAX:HrjAAkF4diqTAV2oVetv/wX

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2