Extracted

• • Target

    8bd7b0662ecb72eb60b3ae68a0534acb4a787263a37a619a48bc7a2186c4415d

  • Size

    1.7MB

  • MD5

    e814098146a7d5bb6910f684d24ddda7

  • SHA1

    3ac620ff3ae684e4d614ffb27821d8301f973a84

  • SHA256

    8bd7b0662ecb72eb60b3ae68a0534acb4a787263a37a619a48bc7a2186c4415d

  • SHA512

    7d3dced81670b6e318e77057bbad45d5d7d4015f08ba0548e0f52766bf6ec2d874990a2c5003f5c2d48a39801d6c5c5fe26b85cc120b2ab77a7c8f4166588c99

  • SSDEEP

    49152:NC3dgqyRY1d1NYSRu6+dNOpwPSmf9QlPT:4dgNRYX25rSmf2l

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2