Extracted

• • Target

    795d7adccbd9c808ea9c70266476c67c9a411cdbd3444ad359dce618719bac60

  • Size

    1.7MB

  • MD5

    8259f3a2c31ac4637c4d87fc93a42868

  • SHA1

    3b398ede4bf6032d6aeb8d1a3e287d7bd959a034

  • SHA256

    795d7adccbd9c808ea9c70266476c67c9a411cdbd3444ad359dce618719bac60

  • SHA512

    0a831e3b71e58331aa767b9a12e115369cd4ab0112df01b4f01809e03e5a294ea43071c1bc6247ed73e1f1f3098d405a4bf7b377388c7bca41abf9a9c94697d4

  • SSDEEP

    24576:Lkd1eu5DTSnJ6XfZXLn7FQu7pXWuQQPrKNY+Q0Pa+ndYT1GdU:LXeDTwJ6XfZXLautGmuJy+61y

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2