Extracted

• • Target

    random.exe

  • Size

    1.7MB

  • MD5

    a1d508cd0f560187a4eec32172b572ea

  • SHA1

    3bfc9a9695d74c9a884ac886c363b3d4e2e04046

  • SHA256

    35eab41584e126f6a9df335ebdb3bdb0f8406a91e99620f7aaea0f0e32e52314

  • SHA512

    1e3da8cada023e71b58796665dde1353d7f0fed6613b9f542ec6153aae7049c0b72efb98088401264ec004d9d38ecca5d234aaf7d57c778b52cdeb14dc460dde

  • SSDEEP

    24576:nRJRKEiFqtJPXgbD8MmELN8X8UZay0xp6yIBnB74b298WOnSbR/pD2Ekd15iwP8S:jRniiNZMmAI8bBxpcBnB05WJ3Pa1cun

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2