Extracted

• • Target

    2550273e781b4c50a35a935a5697e181d310bd6c227cdd5b43d811e7ac1ca14d

  • Size

    1.7MB

  • MD5

    1d402acdafdb238795c8a55ab5bbc13e

  • SHA1

    95e793211110e987d921c3dddb8d1e2171824be9

  • SHA256

    2550273e781b4c50a35a935a5697e181d310bd6c227cdd5b43d811e7ac1ca14d

  • SHA512

    bba8b91139e5127685673b2fa8cfca9688bfe9a62e4645779b964cc82ec9b62e2fd7081894731ff79acef33daf7dbe676c3ef01c39261adb0400c1d9e70faa76

  • SSDEEP

    24576:46Cu9OCZW2NEPuGVLk43qwMNrCcIRoWidd/HOCKq6Enu2lzLP6WY8SDXiVLewYc6:CudEmGV4IMFWif/HbuszLP6pDm4+QW

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2