Extracted

• • Target

    f0b7f934e5b401f911b191ed3987d8ad3d3ae23e5dd22892b1250320c48acaed

  • Size

    1.7MB

  • MD5

    35e53643fb34c04227b74ccc8609dccb

  • SHA1

    6d893c99eff8be93dd5ecece857b3a45ecbd84c8

  • SHA256

    f0b7f934e5b401f911b191ed3987d8ad3d3ae23e5dd22892b1250320c48acaed

  • SHA512

    dd0118868af3cbe60fdb127578159189105826a9ca51403413905927741d70517203469edb84bb83d95efcb7bc52c9b6f16aa42befb4ab04b34474674beed04d

  • SSDEEP

    49152:9hcUID8My508rA67jfCr8T/xbazeqYPkRiv:9+QMTEAKzG2ZbdqBi

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2