Extracted

• • Target

    52556e20d18fa45cc1c277958c13d3d02dc9e3a90be920b984709d1198dabd2f

  • Size

    1.7MB

  • MD5

    522a3f2c161c5ed4c1e8ea3acb7b7d58

  • SHA1

    1d97955eda6937ec191cfbaab0c035e698832d48

  • SHA256

    52556e20d18fa45cc1c277958c13d3d02dc9e3a90be920b984709d1198dabd2f

  • SHA512

    ea78e5da09b7e9694dff62fde161319a0dea4a4bc43952b47dcf87b0dc65c5ce2c76e01617638ee0bfed73edb668ef77b102191e9f4ecd7eeb5f7aa13a5f9d83

  • SSDEEP

    49152:dtJ0Jr3qS7Ai1cZxqlymFzUBZbHbfqq+c:dvg31TmxqllFoLq9c

  Score

  10^/10

  stealcnorddiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2