Extracted

• • Target

    0522d6cc5d6faa87342a6da57a35ffc3c0f010c0d338683cc61852975b005f65

  • Size

    5.0MB

  • MD5

    f22722da7b1c90fecd83c31d36b340bc

  • SHA1

    c4ad86cb51e6500efebdf881766bce37a91df23c

  • SHA256

    0522d6cc5d6faa87342a6da57a35ffc3c0f010c0d338683cc61852975b005f65

  • SHA512

    e174acae10cab4ed053f3c762aa97715374333c655afa3372ef62de0241d32c6d26ebf39aa006a2093f982344f7b3024fe3d57141c91bb42cc6a9efc0d9e28bb

  • SSDEEP

    49152:7bwYmivCf29Vlkm8KYZzMrSd+mymkSS+ffK:fwYmivCf29Vlkm8KqzMrS4mpkSS+

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2