Extracted

• • Target

    7d65971965b137f7626d23f18e90abd2656048e69e3606042c67517c8b86074b

  • Size

    2.0MB

  • MD5

    9860e88c3782b7fce199d1e69be5b3ef

  • SHA1

    3e86ceae63ac4267c444c6b49b4ae7eb81055468

  • SHA256

    7d65971965b137f7626d23f18e90abd2656048e69e3606042c67517c8b86074b

  • SHA512

    a6723206ea95811ab2736765c1ee4b96f012396cb08a30b453a7fbf9dd93479e0364177193fb5125000f5e8b23faf44a204c71a056883ab5d438b2f123b7c475

  • SSDEEP

    49152:9bzoRS/L+22RKf+1CHsGvn/lyfxhGqMyWPWoL7+wsHhXQOfk:VoRkL+dZ2RFyWeUywsBFfk

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2