Extracted

• • Target

    1ccdd1cd66c2f81632a1ca01e966d71b7d7ef6e27ca73214319fd2d6303e1b1d

  • Size

    1.7MB

  • MD5

    1a0eded5ce6f8eb8e3511a33950d857d

  • SHA1

    cabc995ab1a44aa1d8a33689b3197dec2539ca90

  • SHA256

    1ccdd1cd66c2f81632a1ca01e966d71b7d7ef6e27ca73214319fd2d6303e1b1d

  • SHA512

    141704bc409b89089b8d5dd0d9e040f88060bad9736417fbe7c26ee860d3820d008d5a0621a374868a6a76cf049367b227ba6630789b3af1172f31f8f9d17863

  • SSDEEP

    49152:pTqitOgI++S8s5pABXYQ+X5SKqIvX4AY2Hs:puitEbSDABX0SKqIom

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2