Extracted

• • Target

    ba2e11ad994e6e1eacc5c1f73c069d76cd37e4e70edfa0335a40f203f0aa9aa4

  • Size

    1.7MB

  • MD5

    149b45108edafd5aeb601284e95bd25a

  • SHA1

    5931cbd8c8c54eb6b37ce65a883197484bb3c7bd

  • SHA256

    ba2e11ad994e6e1eacc5c1f73c069d76cd37e4e70edfa0335a40f203f0aa9aa4

  • SHA512

    e54dde5ed774c40c8af8ead30225110b78c0e069e4f57a2ee81db53fa54ed124ab107047ce9e5851511e6a8a9e551fe698e575f335e1f7d60f1d7c49e4dabcd8

  • SSDEEP

    49152:QRMt0SWz7X5FqBeLs0F5xyGRDvxu5E7VPeS4y1yXBG0X:QutW7X5cBetzyulum7VWHy1yXD

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2