Extracted

• • Target

    05343de2fa22759f7798822309df8454aef0d84642e5664d170c33afbf282efb

  • Size

    2.7MB

  • MD5

    8bf31373171b9a05a2fd3f0c758554df

  • SHA1

    2ac256d183f41e845433a542e0909ce6c23352b5

  • SHA256

    05343de2fa22759f7798822309df8454aef0d84642e5664d170c33afbf282efb

  • SHA512

    9d6a57c4a33fcd19299db46d2486aed3128436f60d6861f2c08762280326b81697c3e1bfde1c861811557b669a8f3828a1cad1f8a78dd3c126cdfbed5bb6a35c

  • SSDEEP

    24576:zKD/5WNAFBKQePudF3QoCnzQsHTaz55Ipc6TDaAFNlWp+XbPoJ6+QwGA/ZSW0fud:Q2QBQzzNTGkrMQbuFGfWJuIfX5

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2