Extracted

• • Target

    c28f928469cb659df78d1a3c658a2fff4164603739e1ba0e49e3e18724136fec

  • Size

    2.0MB

  • MD5

    c983763cb4748946877c3fada66f0670

  • SHA1

    e1387fbe57898c299da3e73babe05f708b1d9fd2

  • SHA256

    c28f928469cb659df78d1a3c658a2fff4164603739e1ba0e49e3e18724136fec

  • SHA512

    43dc253799761ce5770403361ee5839e1ba72c44064f74b50783fef38dcb6da3a1c8b57d7b60f6ab44e0824881872cbd0865d2e55cf5473deaa8eee1e25478a0

  • SSDEEP

    49152:9QU9QFvCpcIJmy8Y1RytHtsHEuQAkmrh0gK7HfZS7Jlp0dL:9p9ivCptT10tHtlNHSh0gcf87Lp0F

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2