Extracted

• • Target

    998c8dddf5fc3d73a386669c03ce5a4d371fb1d09983b1828f3ed49598af0b57

  • Size

    2.8MB

  • MD5

    a0956c9f9c719b85668c6f8b85f89a5b

  • SHA1

    031f8c3bf791e31ae9b03286b486b1365b81f745

  • SHA256

    998c8dddf5fc3d73a386669c03ce5a4d371fb1d09983b1828f3ed49598af0b57

  • SHA512

    1ee084ef14a516733ffaedd360b43560bf87e999fc4f2ad9c8d34191f33e6fafde7bd0773cc422f63d664e8b8d994d1884736f70c360927aaef75745323b8474

  • SSDEEP

    24576:LBGJABbey9EKIXUDMPygZalHOiZncFx2J/atbmmPffRv7P8ussEsfEEi3M4rz7Jf:lKABDZIXUI5iuiZ29zmuarfkjpTSyng

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2