Extracted

• • Target

    70PM4_random.exe

  • Size

    1.7MB

  • MD5

    9bbce4f97ec6ce722de9ad3619b7c4e9

  • SHA1

    61672133522cab050ec53e3e7df875d4cf7634cc

  • SHA256

    b0ba827719a2481183cec325d9daca05c0c0f88f7dba1a9f5a0d5a8efa0259aa

  • SHA512

    1fe2654d02eee08008ecb0a7cf85180016f43cccd037d3418073a6ae1e24b1fa2c35d87da11d273da9f48a6daf48582037f3f2ebabfbea8c4011e741ff0fcdfb

  • SSDEEP

    49152:zptz7C7imX+0eBv22pzB1kUuoFolUgDZHItXwC:zpcWf22p5u201ItXw

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2