Extracted

• • Target

    9bd047162a8d770bd1e58f35aeb0060922c54d113c485fd4a077e138413d9e8a

  • Size

    2.0MB

  • MD5

    7a7b151acbff6469cd2ace366a9317e6

  • SHA1

    de52d683649a73ab42b11ac334547b3b08d916af

  • SHA256

    9bd047162a8d770bd1e58f35aeb0060922c54d113c485fd4a077e138413d9e8a

  • SHA512

    9f0fc2d2b3f1d915446c73b4aa44dd4cee13f72d523cf08346178580e4ae970facee15c3aed4d946ca509ff49486a4e1c646674523d6da44075f8866e75a2811

  • SSDEEP

    49152:JUDTnI+zbZNuVHCVDOhAdgbfH3T/FmvguWHltt9n:JUDTnI+zTdO5bfHjFczWH

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2