Extracted

• • Target

    5fd41d51e8eccf7046e5d3f2edb5afc4f5584994966a26cbf5aa99ac1a92cb30

  • Size

    1.7MB

  • MD5

    f797b2f121be8c7fcfd98376685b348d

  • SHA1

    bd1b82caeb550a9dc653031c84b61e9fbd509eae

  • SHA256

    5fd41d51e8eccf7046e5d3f2edb5afc4f5584994966a26cbf5aa99ac1a92cb30

  • SHA512

    9117e94a1995a2d07e5483e283f30673052f3f9e007a3c98b24244f6fd606e586eaec8473655d83f68cf709e3b917548bc8efe4214c624646660b310cc41501a

  • SSDEEP

    49152:kUhEUmgGxH6XCduY1GGRqYHS1S2a+2Wt:kUhEUvDCIeGPn1SfTW

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2