Extracted

• • Target

    dd1b0385602213880aa196d01d1e39924e15d6829fc8514dc2d16471ca673f61

  • Size

    2.8MB

  • MD5

    cce7b837082a7f9f34c2107c4fec2bb6

  • SHA1

    e283769d68cfc6c50107842af9d0f393a9dfa2a0

  • SHA256

    dd1b0385602213880aa196d01d1e39924e15d6829fc8514dc2d16471ca673f61

  • SHA512

    c904565acbf839daf2f873e2db7af3e064ac17cecaa2d297bb423849f5fd3a092981d84d4f01f8edf5f18a7a79bd42b99fb83be27c092408eb7f27348ab487c9

  • SSDEEP

    49152:ZqInb4ijRiz79Scg7p391WKvmAEnzvGk2aB/Upa:pMitif9s3flvrEnzOiRU

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2