Extracted

• • Target

    f1fa0545bde183d84cb9b24d6635ffb5ab98bd398659e92adcbb5dc90064531d

  • Size

    2.8MB

  • MD5

    dfc4ac821d77ac74e88a8d6806f3b381

  • SHA1

    328c4646185f83623b64acc275314337cb8507af

  • SHA256

    f1fa0545bde183d84cb9b24d6635ffb5ab98bd398659e92adcbb5dc90064531d

  • SHA512

    5aee1cf473a623a0b6c659a337d1960e395d67c94fc54a230b9b70936f2ad2bf983547f9c76e13ff20c37fb34dd8185cd8e5d96979f91f9749626e6fa902a2fe

  • SSDEEP

    49152:dtv9RVRs4ysgYlKSDNYudvfckBawllV1SBdC+6iK:dDRV9ysgYlKSDCuJckBawzVmn6i

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2