Extracted

• • Target

    c1f435b6b40bd2e00f4b7d3a89ffc46091cc8298ae70bb97444aab650dbb17e0

  • Size

    1.8MB

  • MD5

    4cd665bb2e14afaf47313eefa5b3062f

  • SHA1

    5cae67a79d827beb065abe49446c1be1d46f1ba2

  • SHA256

    c1f435b6b40bd2e00f4b7d3a89ffc46091cc8298ae70bb97444aab650dbb17e0

  • SHA512

    818db1b60e8f0e4b23e027631ec38894429dfc65f846635d992faba893d19d7c2774cfc836a3f93a81a39fb0a96c7537f4bd8591acd4934a44a3105876d84cb6

  • SSDEEP

    24576:En34H7jhbQ7hVMeEk0ruvC1w0vpZi4H58CKdUMqYRkr9d7fr0J8CXUVGPyp3JzK:E34RQVVfn0a3ijHChVqY2+8JV3pZW

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2