Extracted

• • Target

    6d29273fe7963ba9fafcf715d48ff3d63fc44256f40d10b3108a8f93cd97a1f0.exe

  • Size

    1.7MB

  • MD5

    058a538e09f75e4c91b1f961c270313d

  • SHA1

    6adf6f1b199d01b452cbc7aac7b4c71657f8a69e

  • SHA256

    6d29273fe7963ba9fafcf715d48ff3d63fc44256f40d10b3108a8f93cd97a1f0

  • SHA512

    ab6b00c5670e908b259306947b8b0210c442bc1f4e1ddf0df27cd3783b6deafccb78d1e7bad4dffe9e20456d2328895ade320337a553cfcfd53815f043c4cb72

  • SSDEEP

    49152:cbPUA7yJRG35rUgRMIYKmBZPYMirun/38hBxP:gPUA7yJg1RMRagn/mBV

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2