Extracted

• • Target

    589da56f4983bb976189e01772401bc5b09cec1618e048f62b0e8cffea2ed730N.exe

  • Size

    1.7MB

  • MD5

    6a71fd35ac741ab91c1a1d94741cfb80

  • SHA1

    848710efada003852d3c097b08431d40448a4e6b

  • SHA256

    589da56f4983bb976189e01772401bc5b09cec1618e048f62b0e8cffea2ed730

  • SHA512

    ec4dd85706dbb27aff267a4bdc11b6fc81720244530042282c17038891efc7e82d672cd7f23215d9ad3fd729c6410c588881ae757dbca49816b53ac09f3f9871

  • SSDEEP

    49152:LMEi3MPI2LfxlIFwSzQAwT/0JVvyJF2+OXkFw+bB/:I93J2b3SzQAwTEVvU2+mkFXB/

  Score

  10^/10

  stealcstokevasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2