Extracted

• • Target

    18d7ceccbd10b04d451cbf53bce1a5ba28e87052908905759721569d50f07cd6

  • Size

    1.7MB

  • MD5

    47f94cb91b62a1b8c15cc59f00620295

  • SHA1

    69b7205921385701da2ef5353d4471bb908a10b1

  • SHA256

    18d7ceccbd10b04d451cbf53bce1a5ba28e87052908905759721569d50f07cd6

  • SHA512

    ec415675d3b1f68b47dd9a4d7d22d2cf9c58affa311f85cc23584206d75f7afd4abc493b03f7c25f07554f75c3a8d11fb7a9650900d4518901279748516ebfaa

  • SSDEEP

    49152:LO9TucCpevSsXXaF71JCxhswFk12Idco:LX3pevKTCxdFk4Eco

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2