Extracted

• • Target

    1db3fc5386659d850ae5a13b8d7b8b69ed0ddb99255d676df342be8f0f95585c

  • Size

    1.7MB

  • MD5

    bd1ed1a084ac914af5d9e8f2af09dcd3

  • SHA1

    4826b1766c567f59b998cb2af722d8d947549bcd

  • SHA256

    1db3fc5386659d850ae5a13b8d7b8b69ed0ddb99255d676df342be8f0f95585c

  • SHA512

    d6d3c17f8a757e5f4b416963d9f6526590c051e7dac529f72370a97b8d8014f76ac037fb54a428b0085e12e26ad1deb4f6f72419042ba60beb692d01fd7e28c1

  • SSDEEP

    49152:ullYitxhmA//clb9zbPIXWlqZYUso+TlsgS/iGkW5xc3:ull9PN//gBQXW+YUsmAy

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2