Extracted

• • Target

    b3cce25ca20d9598ae3672657a5f0c2492376a9a2ecce5e237095e2fc711b062N

  • Size

    2.1MB

  • MD5

    960b155ce99ae2a9f450c54ad39b1960

  • SHA1

    e14e7fc9aae50a834a7c4d5549668c6d4fd6289c

  • SHA256

    b3cce25ca20d9598ae3672657a5f0c2492376a9a2ecce5e237095e2fc711b062

  • SHA512

    03722e2d54e823c2df72454a84af01ec72f95ecd7558c198ec60a5075449ed5fc7de7be578b4e02b21ac16a018edb5c07c3ba0d76a586074047c84ec613a4c10

  • SSDEEP

    49152:e4r2aBsti7wuLD+hFWLYwvlGlDV1pllOXTIFxxMKcjDHqItX:e4r28sDuLD+i0wlyVDOXkfyt

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2