Extracted

• • Target

    fb80d25dd32bb05e9256ace05a960de677c80c5b5f148d49614877dba352b926.exe

  • Size

    1.7MB

  • MD5

    f2594aa2805079965e15394622d2ccce

  • SHA1

    9ececc6808e161984c062b8c6bd37126431e8c0d

  • SHA256

    fb80d25dd32bb05e9256ace05a960de677c80c5b5f148d49614877dba352b926

  • SHA512

    65af33bd170aa2520e06e458e26592bafbd7e3cef071a101ce08de039f7d6d2b37063f9a974f799c130266c833dfc9668811bac535692beaecf5db0152b7a5b3

  • SSDEEP

    49152:mVA/KzefFtbQP1iLPZsAkxqrE4nB8/iE:saFbyALYqbnu6

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2