Extracted

• • Target

    0c1465d9926562d4a9fa95687cbb7e803bcdee64995076561c0e85413a9aa8ef.exe

  • Size

    1.7MB

  • MD5

    0145f823f09db315f37521f084e3d7c3

  • SHA1

    959b89c275a0f20e55dd5f178510b76966426b31

  • SHA256

    0c1465d9926562d4a9fa95687cbb7e803bcdee64995076561c0e85413a9aa8ef

  • SHA512

    25d8b0700a1715f65e744e6fefa0b3d7719c45ef1135660136c80d056ce9b57ffc710f257e9d87e811580640a7d11675b4efbffef26ac37309a8729202fb2d6c

  • SSDEEP

    49152:jlkmFVNSJegkrH17i9Q8WBoXCD5cZEjNCt:j2Jegkrs9mBoXDEhY

  Score

  10^/10

  stealcstokevasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2