Extracted

• • Target

    4T2PK_file.exe

  • Size

    1.7MB

  • MD5

    c1950c4aafa568b63462b2131c67ceab

  • SHA1

    e2aefdf02e7081c1b6bd03affd8d336642388854

  • SHA256

    2ed1e1e632568e8c6ea61bc3d528edfc381be9720a145265e56e0190578723fb

  • SHA512

    24312a48d39d7142ea6b8d49f0c0a95a8661588697e3ec6fd45df5046c83df764549a4f46d0dd732676cbc92468a9c887a75c8681f9c1a9b29fface67df044a9

  • SSDEEP

    24576:4M65D66hgGJglzXMwGyAvtUybnqeFC3pDdtmnRt+LDu0QRJmlVJYS2smPl4XwQ89:4f5FhgOgPpWTb1CF7mzKlgpS1AG7Q

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2