Extracted

• • Target

    32ebf905a6ed43b5e163ba71f7a836fd3b6d2f866c18294278cb86e85ec01a3c.exe

  • Size

    1.7MB

  • MD5

    6467f0b3f7c25edc1259d28371015177

  • SHA1

    3fbde0653380909d0a4a35c032c9fe80131c0925

  • SHA256

    32ebf905a6ed43b5e163ba71f7a836fd3b6d2f866c18294278cb86e85ec01a3c

  • SHA512

    b88fe4f81932f235691e1f0a3a1b8b69e5dc747b04d5838b907bb477fc7aa9c49673db9149b693c94f9814d9f138bdfeb391ac3ef6c0a78bb80d87c3ed86a651

  • SSDEEP

    49152:vJndr40nWKw3+bFOVNCJdBiM3VAXJkUrUwIo:D40rQ2BiM3aZdryo

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2