Extracted

• • Target

    random(6).exe

  • Size

    4.9MB

  • MD5

    14fc1658de54a19670851a44afc48abc

  • SHA1

    951ba600309ff863c3ec177ba78af16c288f5729

  • SHA256

    6509d2ffd8bc3662dfe134ae1b1e811bda35c68f51f6a40eee823fce9ef960e3

  • SHA512

    77d96df4e0239fc55ab61e106e17d57ed699cc040daf652e8673bbc1dbed20e4c5502ad05e7f79460c6613831280f9c1aa0688419c9451c1ecba9f1f631509f9

  • SSDEEP

    49152:uMegDAFfdiSkW9jEiKG4xidWwqnSYQlE9nC6YIogBic:8iAFfcSkW9jEXG4EcnAgogB

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2