Extracted

• • Target

    f53185e3b9046b1c522d14dfed5988e0b4096cd5302e13a0d3e77207e014d797

  • Size

    1.8MB

  • MD5

    e9912f8bbba8a435c0770c5cb9dbdee2

  • SHA1

    f323b850b002137ec47f291d928378245d4670fe

  • SHA256

    f53185e3b9046b1c522d14dfed5988e0b4096cd5302e13a0d3e77207e014d797

  • SHA512

    640a900f0655c839df55eb130270e1dad80a1a9ac60796c816d330156fdf48e3495acbf643d777c647868714c54b653386109cd6e3ceb49126f04eeb6ecee9e8

  • SSDEEP

    49152:wdg0ihASkGCxyd3OqAl4aiQn0JNNyT+qrfNSqmL:wRNG2ycRiQ0JNN50NST

  Score

  10^/10

  stealcdomadiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2