Extracted

• • Target

    f0ff20abe90c87f8d45682a3a8d8551a0a296fedc6d6c15f3398ad410bf356d4

  • Size

    1.7MB

  • MD5

    2f1804745c27ac741390be5b144747c7

  • SHA1

    36ab8f8b9acf2d8756fb75250cb19e9aa9ca3e43

  • SHA256

    f0ff20abe90c87f8d45682a3a8d8551a0a296fedc6d6c15f3398ad410bf356d4

  • SHA512

    32a1f408b41c6ecb0ec933898d69db37e6182ab7f5c90873049cef647091bcbc43923dcfbd885e559dc8b55f6234fd8392be4ae33080fd90aa7436884cad4470

  • SSDEEP

    24576:aG1bAthoEakI4PhtWP3DrF6RHNo14OZUgrZLmY1wlPpRvC/GCyd1vaXrbzbE3Isv:a+EhaH4PWPTZewjm7d3Rzwo3IzMVUg

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2