Extracted

• • Target

    2dd8fcd44717498ad0012a0d3d14741f3cc5a5e91d445706c4db0e2d6290e520

  • Size

    1.7MB

  • MD5

    2df287576896c4bcf8a47308a90e1993

  • SHA1

    be99b43722f1f06c4afe63fee439cc1c55aa9de5

  • SHA256

    2dd8fcd44717498ad0012a0d3d14741f3cc5a5e91d445706c4db0e2d6290e520

  • SHA512

    d8e289ca1f6b0233bb2002fe0bef3e4d5d60b9b0077a0b45bcdc4ce6ca0a6d13478de79d6a9f3ce4fef1b67228f4384ee0cdb028ff5527edab00e1935722ef04

  • SSDEEP

    24576:HiH6aL55HAQEDt9/QL//6fx9GKb2oH+epxZKm/AMMa0Pgg2qGYIcHVuSFC4G:HiH6aL5trXyGK6u+Cgm/ANaFNeHVpER

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2