Extracted

• • Target

    90070e4b5115c14092fc257bb696d71025d6da274a339913d9f66da915dada16

  • Size

    1.7MB

  • MD5

    97de1d3cfa763a50d7195d5bd0c3594c

  • SHA1

    3429706674f3a675e916097140d46b4e75706367

  • SHA256

    90070e4b5115c14092fc257bb696d71025d6da274a339913d9f66da915dada16

  • SHA512

    ab16e913bed783d50c3fa0f3a385c71cb5e197d0c3b3facfe45821ad0ee52c78879b2fccb587967c87488eca4accc587a2825ecd5c8e340a7f5030e5736feb63

  • SSDEEP

    49152:QPmQM+Gd813P3DiLPdDu41YAslYyJmteqiccw:8tLJ/idDuqY/YyJMEw

  Score

  10^/10

  stealcmarsdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2