Extracted

• • Target

    e262d8fac48c3b1aa5b5f71de25241d9cbcb00a75491059d89ae1f515d8a31fb

  • Size

    5.0MB

  • MD5

    1d8685567ae19efab18791b3768db057

  • SHA1

    961ec97e73fe3a60c72893a452cfcfd5c9200582

  • SHA256

    e262d8fac48c3b1aa5b5f71de25241d9cbcb00a75491059d89ae1f515d8a31fb

  • SHA512

    d6ff022fba08b20c45c0b6384157426555a89d0d4c55105e1b0d7b13fd57ae475ea89aaa02d6463d89b5514693a02b12313be4944b2f8cd1e97e883de299fb91

  • SSDEEP

    49152:Q4UCK8hp5IrdmSheyJLJTDJK7lgygHPXC2U8E:Qp8hp5IBDe6LJTDsWygvdK

  Score

  10^/10

  stealcstokdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2