Extracted

• • Target

    60b03b5b958854ff0a0cf5960ce45ccb101f8e0a7820975a31b0f3a34bfc4b9e

  • Size

    2.1MB

  • MD5

    9334868f7b581601e4544d8e2ae12c6b

  • SHA1

    37403986c6182d30b61cfe3a57430e24148f2074

  • SHA256

    60b03b5b958854ff0a0cf5960ce45ccb101f8e0a7820975a31b0f3a34bfc4b9e

  • SHA512

    f4e4b8c1aad3e3949cd4bfddd70788f431fa5cb9546d34c6186185cbbf85c8b5a828ef99599f4ef2eba1920f209f4be571c3f0b10bb8ac64083665d8347fd6ac

  • SSDEEP

    49152:2AG7/NOPLkRjYD0FzNnENCq5uFg3mmdy0JEe4487fvicCljU0Aj:2hOPLk9YDmRENCnSjygEe4zfVClM

  Score

  10^/10

  stealctalecredential_accessdiscoveryevasionspywarestealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2