Extracted

• • Target

    00c6faddf5024f7e86982555b8c8ccd902d3c782591d33c9c8082c10b45ac94a

  • Size

    4.9MB

  • MD5

    62e52b135481085a1aae0e8155f1544d

  • SHA1

    bd539a7ea4cb05ffbea716ae7de407159cbfa5ea

  • SHA256

    00c6faddf5024f7e86982555b8c8ccd902d3c782591d33c9c8082c10b45ac94a

  • SHA512

    35057d291d14037c7e761e93fd7481205c1b5b12e8bc5f8b9b86e8ca63bc46a29c558eb1cb8b877a30fb102ffa6779e331cff449c6177f4a06fbe8c12919d4cc

  • SSDEEP

    49152:rlBLil2RyUFD5tcc/2X233GQ8LSn+1w0:rbLil2kUFD5tccem3dM

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2