Extracted

• • Target

    random.exe

  • Size

    1.8MB

  • MD5

    12a126af335a3bc2453be8a0849728a9

  • SHA1

    da47f06653a3bc1ac6a87b321bfec96ea0046c99

  • SHA256

    5aa99418b597f6c27c343e8031e25bd73116bb3cc888cc0cd25d62c88126c974

  • SHA512

    cb6683a0667961390742e6ae4cc218450ad5d546c75a59d69f6396f7d2f025e62108c810880206a392d47d1e99dc19361cb4ba1b086971a8da7a27fe7e1c8f65

  • SSDEEP

    49152:UT/E1oUINCxvAuIeUQVxB0jZZZHVpOgdF8/vw:uc1dINCwejJ0jZZtVJdy

  Score

  10^/10

  stealckiradefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2