Extracted

• • Target

    7df486bff2cc9fa881d8f349fdea5d852386e5bfac079af83e1655ac990d3a45.exe

  • Size

    1.7MB

  • MD5

    b3fb595055785092f442191372711b8d

  • SHA1

    af63e188660f4676300cf420e77008d41232c46d

  • SHA256

    7df486bff2cc9fa881d8f349fdea5d852386e5bfac079af83e1655ac990d3a45

  • SHA512

    f12c51db89fc4587d709d8bc2e0751a499feb783ff49b2eb687ffd3b461150e5e38e943d5d5a32a853d40365c7c3f852bccc33771db49b4e8bc9247e9c9d4c6a

  • SSDEEP

    24576:/XRnTWS9M6G832tc8aegrm2rIEjvWDBqE0A+hBcwbPna7r4EK5DwUozaT:/BaSm6nCaetEKDcH+7rD5U1T

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2