Extracted

• • Target

    5facd021cf569f15595a5bca8a9e248e6c32c1811f8b4c70ca037a15fed258ab.exe

  • Size

    1.7MB

  • MD5

    0bd6feab9ec3faa844bdcdce20bb139a

  • SHA1

    489a61c409dfb7d18be79e8ee0e6a357e2441b32

  • SHA256

    5facd021cf569f15595a5bca8a9e248e6c32c1811f8b4c70ca037a15fed258ab

  • SHA512

    48c0db3c10b1ac30f86705f98d653ab487728ad131167fd3a7f26f3666d54bbc0c034139c2baec8c66749999cadf9354b5231e43f05eefef3ed87c9d4057592f

  • SSDEEP

    24576:fCZPJDrL986um4wskCcB/O5luZPVaYAN5aIGFa2mX1e7vQOB7TBpS2t/nqkemRjX:KfjumUkfxlVkN4AX4QC7Tm2SWXNQLg9

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2