Extracted

• • Target

    random.exe

  • Size

    1.7MB

  • MD5

    adb822a9a629882b5444563cf0b010df

  • SHA1

    61a18bdd091861019b3ff17d121799696aac4510

  • SHA256

    1314267a5983795475a4b0a8469890c111d961fa4f8cf3215125f324fc253924

  • SHA512

    d31b575820ff095fe363a2b13905019216f317a1c883d724be9f576ea88dee2b10fa42aa39517c5f9a98633028f743c58d4199977ac90671535a87ca258dd73b

  • SSDEEP

    24576:2kQzIcT6qOn1oYgttje1LkKTvtxECuu9sKM4bmdiHkbkR1dVh1rzTc7nxyi8xTqv:2krsn2+L6kiwCJM0mdiqkRrBiyiBl/

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2