Extracted

• • Target

    96a58b9ab4ffde1c0957939349d3a0c6d7395b4aa87290df337f9efac7642cfc

  • Size

    1.7MB

  • MD5

    e5209b70503e7760fe2a48338dd334e8

  • SHA1

    acd1ef65690cd0f9c1b74fbd4d19a706fc92ffe8

  • SHA256

    96a58b9ab4ffde1c0957939349d3a0c6d7395b4aa87290df337f9efac7642cfc

  • SHA512

    68bfbc4cc3a6b64a4c6d5c377c6616a68861bb71ada6a9c6b83d2a1aa4aa401257653cb187e55ffcb1bb62eb90efff853d0b556ecc05df9aa99dfab016840979

  • SSDEEP

    49152:W3IxdPm/93PFE+08pasMrzfckRIWu+OX:W3IxdPW9/FEx8paBL3RIWli

  Score

  10^/10

  stealclevadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2