Extracted

• • Target

    5daa96b143664e8240a32b32b58334dae0cb4f3b0e007326b254781650bd6950

  • Size

    2.6MB

  • MD5

    e2bfacf510150398793a34883ff3a0a6

  • SHA1

    4bae7b105641e0829052b370ee935d96d05b2cde

  • SHA256

    5daa96b143664e8240a32b32b58334dae0cb4f3b0e007326b254781650bd6950

  • SHA512

    f67c6ec79bbf724b07b16bf79861cbe75fa69546f5180f8f2a9695364e05b2999a88ed1a6e966c5d0f92c3190d214fa5ac31de1baa897a929049902ec0096617

  • SSDEEP

    49152:76MKZD8x8gOdUVC+XQigB+Yj+gwcSSN8qxaGg1Ye:X9GrUVC+XQtBNxVgie

  Score

  10^/10

  stealcravediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2