Extracted

• • Target

    d12207e5d2e2668de9c381a14a35a6199a0d6c50cbed1164340ac61bb1eb85d2

  • Size

    2.8MB

  • MD5

    bb44422919d44c41ba392b6fad35f9e3

  • SHA1

    0a9332cd23a8cfa6092709bc133d7052d2d43c05

  • SHA256

    d12207e5d2e2668de9c381a14a35a6199a0d6c50cbed1164340ac61bb1eb85d2

  • SHA512

    2ce8ab147380afd27a12f2f9f325566751ed208ef0529cd6d6a45634914dedf6f1ca2fd4cde579a30ec667873a60909f0540615e37da2c274afc40a02a914d07

  • SSDEEP

    49152:U3A4Bxe3BgfE367T1Jc77X9h7tAUYxnUzGZe9f/p+n:WA4Bxe3Bgf66X1JcFh7hYxn2ue9Qn

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2