Extracted

• • Target

    f5fb72ef564b0486ec065be745d19e46df2cc6e330ce50f507606a140dfd4ce8

  • Size

    2.7MB

  • MD5

    706812bdb8a6402e3057822ee441bafe

  • SHA1

    94d9f73fe881ff6b8dd5d74d7b9eb99d17820097

  • SHA256

    f5fb72ef564b0486ec065be745d19e46df2cc6e330ce50f507606a140dfd4ce8

  • SHA512

    40288ef8ad8e99b502277289c1e630f70b7fb8446ae4ea65f9b530642e08a413fca89e9bc1498e1a54614c8d044e2a131c3fcd6bfdf361e0feef1fea553d8fd1

  • SSDEEP

    49152:LquX/r8KJCuvd6IimIZBZTrw7PELcDi/4sh0:LL/r8KJCk6hmyZTr3LcO4

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2