Extracted

• • Target

    0c3312cbb3b530f6aee02e3206415d863e580581f19145b20da727f7181c07e7

  • Size

    1.7MB

  • MD5

    bfb44585c36cc324b7025294f0d2aee5

  • SHA1

    591e6fe4ddf160370fafd43b499a606ac26086b4

  • SHA256

    0c3312cbb3b530f6aee02e3206415d863e580581f19145b20da727f7181c07e7

  • SHA512

    d3e992f6060072fb775818b5dc4004a5c5ec714b8d3ff4060fecd90f86a339762a556a1c88e14fd0d597ce25fdc092a3e3601d7618aeb637fc52c58850ac4961

  • SSDEEP

    49152:l0rMAD9+Df1WU5ruQacNOJr03s7cdQDZ9L31Pq7m:oP+rruE217Zj3Uq

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2