Extracted

• • Target

    e6ca41bc8e9972f791ddc6bb97e6247d0c7f1d0a18f02ec97d2d63dc1f3e3451

  • Size

    2.0MB

  • MD5

    fa6b75ebc4cf564a1055c63db94bcd64

  • SHA1

    75325bd377846c171213b10261d640b33c4a1d7f

  • SHA256

    e6ca41bc8e9972f791ddc6bb97e6247d0c7f1d0a18f02ec97d2d63dc1f3e3451

  • SHA512

    26084e3abba1f9e37ceb4ab858045b33efea12c81699e7ceab34459d2675cb57a906db6728dad64213bdfc52a1843c733e750ed1eba75f3e73acbb15df170679

  • SSDEEP

    49152:vAlWxxFXjEzNph+Nl1Bh2C3p+Y4Ky2FvmoFpEdG4FoYfXf1g:v46xFX+kfD3ppTFmo4g4Nn

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2