Extracted

• • Target

    1650f242725aec5aba89cbc5e9b748a334bda48fe4a029c9297e3bcc4f78b4b9

  • Size

    1.7MB

  • MD5

    59add61cd1fdbac411053af313fcdf74

  • SHA1

    4c44140ef8cb8e742cb93695e9688a7385b01b70

  • SHA256

    1650f242725aec5aba89cbc5e9b748a334bda48fe4a029c9297e3bcc4f78b4b9

  • SHA512

    a12897cc5d803e9fb7ea85c7a2decfb51c315ac403634caaf53bfebbac43e5a65ecff42f48d0ed9cec33be6144f17a34331246d0157c46cb48aed7b6a0c0fb9e

  • SSDEEP

    49152:n5Y6DPK0IjUf2cBYL3PPfraMBR39gHxOwpb5bwpgXC66:n5DzcAfUfr3RyHJX+

  Score

  10^/10

  stealcbratdiscoveryevasionstealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2