Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    91b37d2cd25d901080a13743131a5229

  • SHA1

    0b77ba7424bf660b1bd8f4f6c01208cb8eaaef9e

  • SHA256

    d84a99942feba00f43b585deed2d7b44caa59488c61ec4d8b118b407d4f4c6f9

  • SHA512

    e6006d818362a4d5713fb2d41a8bde6db8d8a6961e7314741dd8719583a601b18775ef6ec7835c3db6ad6f6e8f7aedba67a3edc98d8e8faca7a825fbc0483323

  • SSDEEP

    24576:VZW/7lgxYZzCYjfy5n1jqa+cB7vEhZrUvzFqYsoXLpeI0gyBFSak1vk0S:VZuCAOYgn1+aXBEjyzFqS0Pcvr

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2