Extracted

• • Target

    e6ad63170de51515b0ecf0a6de901da2d3fbbbea9641ef2560d7ed941bdd26d5.exe

  • Size

    1.8MB

  • MD5

    a17a6e5e1265ab35806fec867326aa8f

  • SHA1

    60b6ae5b5a0783a2ed92ab434436cbb6d01ab826

  • SHA256

    e6ad63170de51515b0ecf0a6de901da2d3fbbbea9641ef2560d7ed941bdd26d5

  • SHA512

    3923c843b594a170bcf7e91da0eb61e290a861fd99157f30fc6ae544cd5734e18ef563e03bacaeb7b230a7a0ecb25ffc8862d0dc934a0c8d724638f902e54fa2

  • SSDEEP

    49152:wDtsAsSYw8BWpMZnizw0VA7kEm4Om/up+:wJKWpIik0EmxP4

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2