Extracted

• • Target

    3e6670b28e6a555a94c2b6dd9c5159bd2d0f0fd80d1c768f332b256cfd8a06e5

  • Size

    1.7MB

  • MD5

    774b886af101cbd81218638ff8997b1c

  • SHA1

    5206f2bf6c12b0a89e64d2a4e6b7eca76ec91beb

  • SHA256

    3e6670b28e6a555a94c2b6dd9c5159bd2d0f0fd80d1c768f332b256cfd8a06e5

  • SHA512

    4d0e0485f2a2c3b7cefe18fb0a9ca8260fd26f3e40c8029f8813e2d47686fb74b6ffae8fc859ddb77d56002e181642dbc71f06576b173bfd0b0ab650d03b92ee

  • SSDEEP

    49152:GGuQwAOVggl6i4jHRX0S6dtiWjOIg1t/a:GGHwAOwiKHRE1e8gy

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2