Extracted

• • Target

    2757L_file.exe

  • Size

    1.7MB

  • MD5

    dbcb2bb33cc623898e5f5e93af43366f

  • SHA1

    cf579373ffcec785e9fe2070c9a1fea1fe2cf62f

  • SHA256

    4e9e5f4322649ec1edbf95ced7863a6df6413c933a780c6bee147c11eee28a56

  • SHA512

    cebe946cdc4cd62fccd0e39a0a0bc64ac34da1de7515743c1db3ca7b3af2dab5ab914141794b43b8a42a2dccf1cde2d41434372faecad19de3fdd9b972e4c5aa

  • SSDEEP

    49152:mjg+xokny2iNivv+uVU4QbvkiPvmZ1JJ:AgUdnyziueQr3He

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2