Extracted

• • Target

    c327398b6888d4e2b63884a343226e59b9899420419f29cf82d14085058be1ad

  • Size

    1.7MB

  • MD5

    2fc6ddd1e828cb0c9f8e9312f4ad7054

  • SHA1

    a1757f24ac7264fb98a43f08c65c668f64e3551a

  • SHA256

    c327398b6888d4e2b63884a343226e59b9899420419f29cf82d14085058be1ad

  • SHA512

    1940313198ca63dc18f546451b9ace2d42b99473ad2e0ab66ed4da40247b853ade45119fb183bf5a8942c622732b42c91a22b92430d5b962929a536fe5844d40

  • SSDEEP

    49152:GfiEtkbZITP09nLtNhZf4jzYDfEsyHPwcbf:GfiCkbZaP09Lxujq2Hlb

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2