Extracted

• • Target

    47204229250038c39454b2ca2373c8167aec19c4b1f20a76d47ba27d02ab7e10

  • Size

    1.7MB

  • MD5

    2628682f0658026fb7671c6c7cf7e652

  • SHA1

    e47864c2f1ef6b2757f938bdbfb6cc1eda0047f7

  • SHA256

    47204229250038c39454b2ca2373c8167aec19c4b1f20a76d47ba27d02ab7e10

  • SHA512

    83f6663c0d3e595b7374890396324db17e3c6dba3f0368c7adafc7d8f6c4062b27f620fb8b52795f7323b84a95700c65ee6358c8e0ead2d56fa6d8a0dafe7aa6

  • SSDEEP

    24576:gwB5I/uxEJbfOsh1aKP0TP+BddN4tKk1lHa5VElZ1gMUFN1e2Xah2sObOZ63rgh6:gwPI/xFoo74t9LSEtI9a8sAOZYAinTB

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2