Extracted

• • Target

    c7cb553bd63823408f7f8150e5ab4c7d964d638d2238828c7dc78a6debc1800c

  • Size

    2.1MB

  • MD5

    664cbe9037889eee1ee4b216d6b2b39a

  • SHA1

    e252080cb9145574970ad617d75cf3d524a365b0

  • SHA256

    c7cb553bd63823408f7f8150e5ab4c7d964d638d2238828c7dc78a6debc1800c

  • SHA512

    2279f139525e947b269807bce517d9d22301e83f15719afec0219cc7e68ea1db3f9ce985e540fc06fdfe76d9b9e60dda53946f20d03b1b63ca3237d9486dfdf2

  • SSDEEP

    49152:AqzBdWPO/uADYtCD4y9TKqXjGovrBmrC:AUmADY6TK8jlmm

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2