Extracted

• • Target

    da814fea3292abc17b63308df691da2f26158ab6b0a5f8852ccca6aa44c8ee16.exe

  • Size

    5.0MB

  • MD5

    415bd00d488068bce30d1cd9f2a8cb5e

  • SHA1

    99c6eb575dea64239aa3f85ac4a7322d94e219ed

  • SHA256

    da814fea3292abc17b63308df691da2f26158ab6b0a5f8852ccca6aa44c8ee16

  • SHA512

    5a7bf6dccf4d26ae9b2f5baf2b377c1532b2cb2842142bdb818f5b638c6d16d9d145ad05c6287008fbcff42d77153ff7b4d1704161cbde33069e530cc473f8a9

  • SSDEEP

    49152:tQZDqZp0WKBjzXxpnd9ToG8lsAHUqhgs2zF:yZ+8WKhXJtbGR04ghzF

  Score

  10^/10

  stealcdrumdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2