Extracted

• • Target

    90f06e50c82273756c781f7d576040cb24401603e041d51e9c9e5fdcaf90190f

  • Size

    2.0MB

  • MD5

    aa30f58a1ff52aa0f4579748e63a8092

  • SHA1

    eb09340b6524275189bc1cbb1ae52ce312d4aafc

  • SHA256

    90f06e50c82273756c781f7d576040cb24401603e041d51e9c9e5fdcaf90190f

  • SHA512

    676e6c8af4b9a8982cd8b1552a911f63f97b15cb29f2af9f6d215f180f0a4154b6e85512761166e9c45287d92709ff231258f88c19dace92dcdadc6d5b914e6b

  • SSDEEP

    49152:e+TJ/c4O3lvqgkBq28/w4MQthrnqIM/2sFHWaJfnJ4WlxK:zT5c4O1vzkB98/ww+/CMfnJvLK

  Score

  10^/10

  stealctalecredential_accessdiscoveryevasionspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2