Extracted

• • Target

    file.exe

  • Size

    1.7MB

  • MD5

    56e12bcc2bb16375c498e5ce71d2931c

  • SHA1

    20adcd7bd6a7e620643f67bdffad49741eb8721c

  • SHA256

    6cf1009c216fd7f75654de4106d1473cead2c4e59185d28f2cafa562e14e9101

  • SHA512

    3020f7e04909f97b1c50f29f9ea66801f389977e3316e7bded69daba22b5f22b304eec2659c4ea6394f14e617fee7cc2de4a1b3574f9488d3e0782d04c1c0416

  • SSDEEP

    49152:628LO+tu9pMYtO10VFD8+dEh7EBKN3/g+hGQbgfMDAMn/:6vOftO10VFD8+dw5gRnVY

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2