Extracted

• • Target

    8a9504c6a7f852466afe88eb125ae083d6aebc2c6d425f5bb7cd1addc06ee9d1

  • Size

    1.7MB

  • MD5

    847dc7a430728d6778140643335af2d1

  • SHA1

    29dca74eac808ff74de2754f28c0ec6d6a0de70a

  • SHA256

    8a9504c6a7f852466afe88eb125ae083d6aebc2c6d425f5bb7cd1addc06ee9d1

  • SHA512

    743649d4449e1d66e926be05482a96131a23939dcc5beec072aacb8fd938e52baf787d2087c41a4b5b9c6457e4bd74b5db540ebef5a432d6bec45ed1e5a3e118

  • SSDEEP

    49152:U0emuSSFOf52t04wlVRQCJAAqBnstcyEceA6N0uwe88U:imu+2zwlVRjJAAqBn2cjceAgVwaU

  Score

  10^/10

  stealclevadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2