Extracted

• • Target

    1b5103442d7f0ee79daa29f46c1b3bd6ad65e1f844616441e05c592198ebf7f2

  • Size

    2.8MB

  • MD5

    c8b363548ff963b9eaefdcf0ab866e99

  • SHA1

    d3e0fa20ca34e90e5640d30cfd56e7c4b941e917

  • SHA256

    1b5103442d7f0ee79daa29f46c1b3bd6ad65e1f844616441e05c592198ebf7f2

  • SHA512

    5e69aa93ee6bd2fe29464cf0c07026cefcab515c4217cd6eaa37fe7fb36ceee37a68242625e2fdd70efdc4bdf2cecbb9727189a6f2b3f21138fd6378ad33d3cf

  • SSDEEP

    49152:6lavRTU8eA6rznNJ+vdh1ua5TnuEKUGKcdQZe3BfVHMRd4NX:6lyTU8eA6rznNJsvnDXGKcdQY3BiyX

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2