Extracted

• • Target

    0f9cad15e5f9316ea828c0cf85319a6dc5d10e7db02b7cb8a98d70d26366420a

  • Size

    1.8MB

  • MD5

    9a975eea954036042365037002b8c34e

  • SHA1

    050dd702dfe989d8bd0f63542a44a30de15a1bff

  • SHA256

    0f9cad15e5f9316ea828c0cf85319a6dc5d10e7db02b7cb8a98d70d26366420a

  • SHA512

    b8ef396ea8b87804e7ad13dc8876568199d86c95b19415885945672ed96de99c3e76daaa0f157e7f290f685e36d95277dad5ad6a37b4a080a610a120287a1f84

  • SSDEEP

    49152:rpmFGY3ravO5n/dtOJPFfKswi4J+cjYJyR:rpmFGY7llkVQ8CYJ2

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2