Extracted

• • Target

    61190c99bafae4a9cf90bac8d5b6658438fb838526b13a5a61283c550f849658

  • Size

    2.8MB

  • MD5

    3e118a7f3395ee4d0d4ca131ca3847bb

  • SHA1

    91616b7d42259a58b2766306dddb53b4910b23b0

  • SHA256

    61190c99bafae4a9cf90bac8d5b6658438fb838526b13a5a61283c550f849658

  • SHA512

    ee3718a6e2199903147e05dd2ac2e844843310c59a46d1c96fd0443effd32ff562dc589cd42a05fa13120ad9c60a9de62ff02c243096e2970dc3f349cdef5de4

  • SSDEEP

    49152:Fs9t+v6ZgxSYOJsjWascaznymrLXCkufpZCVE0rrucnTBMCJ:Fs9c6g0YOJCWtc8nyhkwZgycnTBM

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2