Extracted

• • Target

    507d6beb28401d2fbe5f72313c25bde0e47d268bb88362866c63af42b8d2e863

  • Size

    1.7MB

  • MD5

    be29ae42a9079e7e1f78ca2cc117ec36

  • SHA1

    cf3453b463de1e2904eb6468edad9a30d222243b

  • SHA256

    507d6beb28401d2fbe5f72313c25bde0e47d268bb88362866c63af42b8d2e863

  • SHA512

    55c0ecf0eab265757ebf9147572e0b43dec76005da27cec81b0d58abd3f98f2d42b9821f928313f22683fc4b36eac3848495cc477f4faf5656597ceb1567cc7c

  • SSDEEP

    24576:aHY3/O/L3/4tvPfWsM8Ra3SSohrlV7tp9MVNZAHVGZUGGi35phJxRLl0pE8tacRY:qCkL3qvPBMN3qplDp6Vn/ZMOzuigqIa

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2