Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    eb7861db86d764ae3b2dd28c25df4e8b

  • SHA1

    c2aec1fc6a4cf79b7e7638fee8267b30a009f497

  • SHA256

    06ecb21bf180b171d744be8d51d9871247df34335af18c765e4998cd7623a70c

  • SHA512

    3d5157794ee86bd9a4ba82fcf480b3fc8863e3cb23a3fb4fbb4b51a86568b1ebf6aa1464969a4178f7a6af3ba3c5a28cdf057ff41c1a5f39dc5b0af9385f2ee0

  • SSDEEP

    49152:bxkVO2xjy7GF1rbutHuu0LcNrFjoH9np:bSVOejy67mZuuM8oV

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2