Extracted

• • Target

    1214a691efd98b83282674baaa1a5be570284042d3bdfc91a976596e2bdbe22a

  • Size

    1.7MB

  • MD5

    886eac4e22cdf05dce522b9e869981f7

  • SHA1

    63b6775acdf5cce4a50ffe8c268cef486e86b389

  • SHA256

    1214a691efd98b83282674baaa1a5be570284042d3bdfc91a976596e2bdbe22a

  • SHA512

    fa9a60b84d16f908a3bd4a86d2e56a712923a60bd79e76612c817913c63e15139b2ac05d8d75cf7f57fa45272db56c4a5b889160249cae394f803c19c267d9cc

  • SSDEEP

    49152:K009Gu+SOvoRO8DrCcnS9frSEtcCTYiBPzu:F8a4rjn0fuEtc2J

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2