Extracted

• • Target

    8542a31a1ac10834026660ffab1ceb88d1cf399a802f63bdca797750b7819004.exe

  • Size

    1.7MB

  • MD5

    4e1aeb2af7f03489910191a52ca62e9d

  • SHA1

    19aa302c12320006830d98435904f87dbb6fda37

  • SHA256

    8542a31a1ac10834026660ffab1ceb88d1cf399a802f63bdca797750b7819004

  • SHA512

    a7b04afc4dd5943ba821c4daf9ec234a00889a5300bc7726f44df79c163b13b3db579943d1e8629cfd952c89f1e0debd0060e80daab0c1fb5bd0acd15ab34dc1

  • SSDEEP

    24576:cWz3vyiqbde7wCACQE4cug6yxyFIrT5ALuZWmiZAVFoMD9fndFeGetegxST2:c6/6bSrAdE9XxyiTesWTAllGTxS

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2