Extracted

• • Target

    06485350aa2fecbc8b68c4bf5e2e507030065fd92794425da145c74b6804c41c

  • Size

    2.0MB

  • MD5

    3d17618b1108053c2643a92804657456

  • SHA1

    92d6f817db761936dbe341a58edcfbdb3f778de7

  • SHA256

    06485350aa2fecbc8b68c4bf5e2e507030065fd92794425da145c74b6804c41c

  • SHA512

    d81540bb792ca8b1314772ffdac8c3d8fb604a1baf239ec925cff191edf6911aec8b00631d6f4744393df7bacb37d1c69e4336c2d90fe95218b8a88421a46d32

  • SSDEEP

    49152:mwH4Nl8k3voLs1IXdeAE9TqIR1v99BUw3r7J8eJ1:mwarQLXtejwIP9UwPOeJ

  Score

  10^/10

  stealctalecredential_accessdiscoveryevasionspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2