Extracted

• • Target

    8db18ec4c9132042c96a79d4f23dd4c1faa3955156bb6380546ef0ce83be5727N

  • Size

    2.0MB

  • MD5

    6b99b9f5072d436f841a24c4fe630a30

  • SHA1

    023f9fff10ba70a12132367296c34937bc4a315c

  • SHA256

    8db18ec4c9132042c96a79d4f23dd4c1faa3955156bb6380546ef0ce83be5727

  • SHA512

    6d9db36a2c55b5747846b373f872bbebf0b01f5b9f305ecccc837555b0f1dbb8ddf31acf116f7c2c6c5744c0a6c6459d517531d8f88ab291ba680e4f499adba6

  • SSDEEP

    49152:m0Tuh/darkg5+h/jtnP1KgdjDtGbJwo/mZrF5I:Dqh/wrd5+hrt9KgdjDtGdwMm75

  Score

  10^/10

  stealctalecredential_accessdiscoveryevasionspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Uses browser remote debugging

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2