Extracted

• • Target

    1533468d8bc477b4dfad7f85c612e012db13570f7c8ee1dabfa62f66b1ae16da.exe

  • Size

    1.8MB

  • MD5

    487396517d6dd025a62c633c0e4f479f

  • SHA1

    db79144fcb80e1f82e8e2a8011855c4b8646c81b

  • SHA256

    1533468d8bc477b4dfad7f85c612e012db13570f7c8ee1dabfa62f66b1ae16da

  • SHA512

    538af25176ae7b627536bf79815459c981c3b52c89ff088cb0632dc88639fd2037942bdbdd3733a9659d4e01acf01875952a1510a41d7af12b6e0cddbff1d5a0

  • SSDEEP

    24576:sbXIldUcU4435IqRFUZWOX+K+QP5zHEIguJmA/XEN/E1o4gE1FEDFFd2XljDjkkx:SgdUPvVpoHrg2/XS/7RG6I13YhstxI

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2