Extracted

• • Target

    9f8c0914b7ccbc74bbeef57647d359869d420db4e7e64c244d9b702b05194dbdN

  • Size

    2.0MB

  • MD5

    36b01d1cf665eb15eb9c6b4fe5155dd0

  • SHA1

    37cc4f1e0d628d8f9d249b19a6a38a3733032d0a

  • SHA256

    9f8c0914b7ccbc74bbeef57647d359869d420db4e7e64c244d9b702b05194dbd

  • SHA512

    d54decab11893e73282772e71f01c5eaff15758d053c0d06304ab9fe17bf5267b36afdf052398c804a8671939ce42adaa7ee4b4d5b271cd57487374ef35f2375

  • SSDEEP

    24576:g320w4Fz884k9dISIC9Xt1xQ/RMTByL2RxUE6mlVe9Mfsym7rkx8J6UiLRymtKhx:gVFYtk4sd1xQgR1hlVe9MU8MSXW1h

  Score

  10^/10

  stealctalediscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2