Extracted

• • Target

    61155f40907e8793f5f8525d7e13c98be15cdb79958796e6b7564d13c6a085f1

  • Size

    2.0MB

  • MD5

    a899aa21b5f1400774b8a23ed370de3c

  • SHA1

    a881e4a5b5f78e0b84f5b6fa87703a3292d73dba

  • SHA256

    61155f40907e8793f5f8525d7e13c98be15cdb79958796e6b7564d13c6a085f1

  • SHA512

    9d4881578a19455d62d1a63d267284e251a1e3a6d6f7270f61586181bf0a5f5ec82fb8ee608f5c8951030b1f0fb7883ff4f83f642dd38b1dd525f6cc87b8393d

  • SSDEEP

    49152:VlA9UGxZcN7vxno/MIfl9x+p7S1tU0BFjRltGgJGXNIt:7x+ZcRRoHl96qRJkXCt

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2