Extracted

• • Target

    3b9bc6e05ee62378e410da9f5a418f4fae488a373f43346e8e15bd13f500e593

  • Size

    1.7MB

  • MD5

    43ed51fc8168018abc0cb9c2b9d3bd47

  • SHA1

    373989fd4b669d1ac6ffe20480b904bd3cb4d72e

  • SHA256

    3b9bc6e05ee62378e410da9f5a418f4fae488a373f43346e8e15bd13f500e593

  • SHA512

    caf21bba0745c8fda4e0e247bb6130cf0629505bf491cb22864fd918b876faf92202958ee19d21399ba7d673968afee7bd52c70f30d7ac27aef83a1cb85863eb

  • SSDEEP

    24576:bMHl+xo+4lXqcT02lzscVnvgrYp3ncm4EfpTIyaYxzJ6yKtT//Ku2+9kCxc:wF+xos2lzLbx9pTIyaW9655W+9Jx

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2