Extracted

• • Target

    9db3b2934bb5cc5d560c145cb38de855d9933c689575692546012b72d64b5843

  • Size

    1.7MB

  • MD5

    392eb20e892fc8093ff77a2baaa9df93

  • SHA1

    f60cd84bc6cc5ea84752dc0b813eaa19a15f64e8

  • SHA256

    9db3b2934bb5cc5d560c145cb38de855d9933c689575692546012b72d64b5843

  • SHA512

    efaa4f5cc1f040532638ff7d2049f1e8d352e369a3e7c14cc14f892a6ac559a1a82ecc44f1e4b526c7129b5c1b78a0702d718558b969dbffb6f6bb5c4a1d05bd

  • SSDEEP

    49152:bZ6EwIkbH7HcGrn8tO47nPnr5+lTgwe4yWO4:F6TtbH7H5gOkPnr5SMweJ4

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2