Extracted

• • Target

    2fad4517df66808b186268b94b9a75f9aa669f2146f6b8f2eb12ba65c221b5b3N.exe

  • Size

    1.8MB

  • MD5

    2aa70f8499e37600d9a9de0d8e504d90

  • SHA1

    4a9417f00fb52b0f0358173790153b12b04f0d16

  • SHA256

    2fad4517df66808b186268b94b9a75f9aa669f2146f6b8f2eb12ba65c221b5b3

  • SHA512

    0206d7b99f490117bceff4fc7487a3d489c11549bfd6d875740d4d2c88b9bfa92361a854a85f771f81f75b82bff16777d3918ac05a7d87b5d6be95b9d2d20871

  • SSDEEP

    49152:x1x0BBe2Hl5M+8jPn1pKgB2A5IuNlBaLBJJXm:bxWBZHAZKgPdbUv

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2