Extracted

• • Target

    8e6e5197c7542613f4fcf6dedfdd6a774f1464876cdd2defcfc05d092d169180

  • Size

    1.7MB

  • MD5

    b568ff86da616dd1a46d9fbfa9415f72

  • SHA1

    1f0a299ee6349d54d18b5147ff957544501b66fd

  • SHA256

    8e6e5197c7542613f4fcf6dedfdd6a774f1464876cdd2defcfc05d092d169180

  • SHA512

    b1e3c0703d317973c6bfda8bcab2c5bc97de12062d0ac908bb9b3e651892244630df1f07076b43d3a4b0da8a0ff7ec10bbaafb1931377542c9c812494b067b29

  • SSDEEP

    49152:myE1hLhk/5dnzw6szJebcL2Y/EwDv21gCbw81VX2v8TL:mlc/59zwdMcJigCbw81/T

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2