Extracted

• • Target

    f44d003689a632533001f298448bb3f74730e7b21fdd897785edfa0e60701467N.exe

  • Size

    1.7MB

  • MD5

    bd2ee87991c403738d17e3b667a7e890

  • SHA1

    09d7e8c585e2f63498fa3fee21b97d43ca39f115

  • SHA256

    f44d003689a632533001f298448bb3f74730e7b21fdd897785edfa0e60701467

  • SHA512

    ab332be48e6b8dce1d38134a0788d9eb093e7bafda020377d64952779f3538d42e9d6b50993809e67e338e40d49dd15b48d5f750530c29a09cff94eb93775292

  • SSDEEP

    49152:BkEr+aR+cdqj5JA39L+LQIg4iampyh4CsxQn3ABPA:+ErnR+cwkg9TiLpyh4Cs4AC

  Score

  10^/10

  stealcbratdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2