Extracted

• • Target

    63f607b4cd4804876dd817163529180a18a30245aefc92e1ea79eaea6348a121

  • Size

    1.7MB

  • MD5

    98c5024a596c5c548d36bc33ae113a73

  • SHA1

    b30aefb89057c1c6bab845df896777bc97230ae3

  • SHA256

    63f607b4cd4804876dd817163529180a18a30245aefc92e1ea79eaea6348a121

  • SHA512

    d6853305f9f26a09e98ad270498d57f52a604667984c754c3f7aab5d5f3270416e25e9c328981d63b2675c661da5f454c290cf291c932338593ae80f8e85fc9d

  • SSDEEP

    49152:znEM/Nj3KS2E15vA2WKxdbKpFSwbTpTe:LEKLwEHI2TbKpEoFT

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2