Extracted

• • Target

    308d03c0a0145f5b8ec0483534177c69ccf41ec103da8648f5b7fd9de50db2a4

  • Size

    1.7MB

  • MD5

    1010fe1b9353aa5fdbed0a82c5cc27ea

  • SHA1

    61a021fbdfe2f0a30f35080c9b37901e871f7a55

  • SHA256

    308d03c0a0145f5b8ec0483534177c69ccf41ec103da8648f5b7fd9de50db2a4

  • SHA512

    f2b175cca0baf75315226284ea8db26ff89f25d7c596e2e007a473dd8ecf066eb4bd12ffeef88c21073d68f965d8d15a3cb07b6615226e228efe87c2f8d89522

  • SSDEEP

    49152:Ag9v2aGQgJVDPOVGLrKzQUscF7qIplWYRX0p:6LmVIdDchq85VO

  Score

  10^/10

  stealcbratdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2