Extracted

• • Target

    83a46515e437539d5d00a1ed4d361f3a.exe

  • Size

    5.0MB

  • MD5

    83a46515e437539d5d00a1ed4d361f3a

  • SHA1

    ce89f1c3e1c3e069020db65ae35b5b1c6b4b3d15

  • SHA256

    a7f8b342432721e07f208f8d793f5a248e15c22cba255ef6b22f1b572a11b759

  • SHA512

    3a52653fcdc707572be2405294fc51b46ce15501f6edeeb5af4e845f67551834f0d4b0d8b82e687b5d8d9b5410b5bc4a200d27ee4c936a6db3a167b29a43d9cb

  • SSDEEP

    49152:a5s9bIAUGBCBSP9A7MlYReqYWwDZZorzh67u7DrFP9dO:aqbOGBCcVAglieRZZIzVHrFP

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2