Extracted

• • Target

    c9b7962d520c5a0a1067f8b61c08ed27b23387ee910b2b0f328fee3a3cdab9d3

  • Size

    4.9MB

  • MD5

    6b80064dc2ce990d86dfe626b049e4fd

  • SHA1

    086b7a4ef8878371aa32673af2365d562f3179d0

  • SHA256

    c9b7962d520c5a0a1067f8b61c08ed27b23387ee910b2b0f328fee3a3cdab9d3

  • SHA512

    38c71885521d916f69d2cf21055d3cf9e212c67c78427aca2fe5559c14fb8e7f065345502f2354567f5fa58c329adeb66d01f911faefa28e34bed94478bd713f

  • SSDEEP

    98304:2qYmylwIJ31NFsPu7MF7ft6N6FxLFxmI:2qYmf7Qk6OF8

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2