Extracted

• • Target

    cf146510afc23e9c4b93dcbcf38a27bb75d2e0b22c2cf1106e69ef20177ebcd6

  • Size

    2.0MB

  • MD5

    114d5e581b70ee44a460de6083f0ec55

  • SHA1

    c7a450b65d7a567148d5f35ae575e102d6aba9bb

  • SHA256

    cf146510afc23e9c4b93dcbcf38a27bb75d2e0b22c2cf1106e69ef20177ebcd6

  • SHA512

    7cad59fc6562eafabefd641677f3d0991f7b185d8a1375d5a0142d13c71951be6baf688715ef97cd98a7cd0a4cd9a9091d4c0b9f718b6ef7a1e1548ebfb886f5

  • SSDEEP

    49152:JPXIjJ0a0aYnxFxDUO/QK9scMsUl/veduXzoVEyZ:JPXIFV0aYhD9Wsozo/

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2