Extracted

• • Target

    09acda2ae96842b185bc2bba0ed272ed96beb6b91bc1b1ffb893091fa483ffa6

  • Size

    1.7MB

  • MD5

    915a78a8cd413391985cf09a21158660

  • SHA1

    bf693ed6635bc28f14ee602a35b79af3b336a704

  • SHA256

    09acda2ae96842b185bc2bba0ed272ed96beb6b91bc1b1ffb893091fa483ffa6

  • SHA512

    37bd411c0eb736123c095fe3827f2a29b05fcade3ff3648b2208246715b4a39e08f763a191fe13d58239ac7eeab7804cc6ae7e1c2600e720af7b7352db6a6adf

  • SSDEEP

    49152:/5LbeQCEGMU6Kl57uelHzuuIlzZErCh9DQbHB:BbsEPU6KmsiZ269O

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2