Extracted

• • Target

    0118a27f2be149a11b030703e35e768951c4db7125a2c50a00f06707532a7de1N

  • Size

    1.8MB

  • MD5

    d6182aeb56837f2bb02feddf5c068270

  • SHA1

    26587c1f0a8b1691b5f9b53d26cd955096c507ba

  • SHA256

    0118a27f2be149a11b030703e35e768951c4db7125a2c50a00f06707532a7de1

  • SHA512

    9d0fe894a43a04f5713ec50dca2cad9436b164f10352a2ac2203b8b2abd65d4843ec08cf53d015d9897271a27a887685bf3c6d9bbdda983b4c54d837fd91bb70

  • SSDEEP

    49152:NFGoD+4uFQopphreP+OHqjRZxEdQmZlqkClwxmf+:DGl7EPb3X2kCKIG

  Score

  10^/10

  stealcsavediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2