Extracted

• • Target

    2c076e48bff5fb538be86fcfdc8c1657613200cdaa27fa0e8a6f8e46d2aa9589.exe

  • Size

    1.7MB

  • MD5

    026de52964103c3f11b72d6e321d5971

  • SHA1

    33c73f71ef01e964ef44a778d0c76f6aadedc1b2

  • SHA256

    2c076e48bff5fb538be86fcfdc8c1657613200cdaa27fa0e8a6f8e46d2aa9589

  • SHA512

    32528baaf8472978bb2cda82b5988103fb94555baf22e2c9044ca46e2b193b6e8eb37aeb77f9a2a8557c581767746705d318ea8fb378786ad56b7c33442e55f8

  • SSDEEP

    49152:tUAG/BeGcy0GOOusWV2N6YYH+BEUqfj2uGkW:tUfe5y9Bfs/+BEUwW

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2