Extracted

• • Target

    e48ca69b3f439cf66679ffe60efd564f.exe

  • Size

    2.8MB

  • MD5

    e48ca69b3f439cf66679ffe60efd564f

  • SHA1

    fb466d0297ee39819d14dffb99c69bab52dcef4b

  • SHA256

    c9b2322743d3daf2d975110637d09f00bf2481eae2a447f718cf53696eac35c4

  • SHA512

    529b1693ab4415484b20a9fa0bd6a7d7ca017da3341abebf900be63425fa77d9d2296b7506059696e383307d24ec4ecb7f6e3936551248642cc7ff71d0aca194

  • SSDEEP

    49152:vI2DfcBpykrnsgz+yNjY4FW886n/c0ueHnS:vI2Dfo/ns4+yNjYMW74se

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2