Extracted

• • Target

    c85b9fda965fb5d13142b0ef3369e46abbc5f4bfb948fd2179d6d160123c0689

  • Size

    1.7MB

  • MD5

    807a67da4cfbc1cf70de9fecfea9fb09

  • SHA1

    e2c37f774fe4daf510961d6ed7239d8b03d83036

  • SHA256

    c85b9fda965fb5d13142b0ef3369e46abbc5f4bfb948fd2179d6d160123c0689

  • SHA512

    65c46a8585e0b87c53d242a18dab0ed9d83c1378347ac0209bf5522b93c34051ae1aa7e0b63829980f1cb156d54bab3060c39152d27ff694a79876aabcd78561

  • SSDEEP

    24576:0UwQa6DjoI2UifkkNV/R/0jR39QE55dKfgM4G5oFjZEiSdfKn0lZxklN6HYRYMYE:Xa4EdWdKB55y1efKKzHYR5YXLp2qK6M

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2