Extracted

• • Target

    cc67fc2b2998c5aa3c0a786908cfb6815a9a0015f0a80c73cbc39f261afa851c

  • Size

    1.7MB

  • MD5

    3264ae26929ff0c3abe85b43070dfd27

  • SHA1

    a245f83195576f855bbddac90f9f39da8615ffd3

  • SHA256

    cc67fc2b2998c5aa3c0a786908cfb6815a9a0015f0a80c73cbc39f261afa851c

  • SHA512

    8ad368c0a8d589d496dfdc430237520198745bd60ebfd52b2a1aea4942c44470ff0e2a63569d427a0b8fb8c59ff6d481db2050ad0ce9d41e0abe61ebff58c6c8

  • SSDEEP

    49152:YvAFquWX3EEG5SMmAVatn2FYGV3zqiAjeF3ehX8f:+yfWX3w9mAVatkYgeL+

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2