Extracted

• • Target

    bf9f90d33bc9105a3126f0d01e5fff98dafdc83f7d027510100f1b83aad7ba9c

  • Size

    1.8MB

  • MD5

    25ab4e70f03f24ec678b0567de43dbd1

  • SHA1

    a7b2e3aeb5f285a59e63301e7bd088472522d0d8

  • SHA256

    bf9f90d33bc9105a3126f0d01e5fff98dafdc83f7d027510100f1b83aad7ba9c

  • SHA512

    876cd035eeda9efafc69d5bed8823c9b8c80fbd271f43b65f37d367f604d4c5f2503414d2733a16e5d882689387af246ecf67ca5bf9d910efef05b61260bf01a

  • SSDEEP

    24576:NCj6auaenjw2qahBxutnG2PRQ3VmlmIoSqHpZve5qyzqMgbHNjNqu0QcIr2F:NTau7zTBxutnnd/qJkULzqu0QX2

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2