Extracted

• • Target

    573fc7284a73ec6c0e91b3345398f4fd3e95cf844478e1a7e5108be9b830649d

  • Size

    1.7MB

  • MD5

    40399761773e9f8ccc6cd5acb5989a8e

  • SHA1

    b303e638c514e49ae097b41ffcd3799a92f31e6f

  • SHA256

    573fc7284a73ec6c0e91b3345398f4fd3e95cf844478e1a7e5108be9b830649d

  • SHA512

    5940b2ba6603bf9c1a39e56cc3107ddaa8c24e0d72babe4d4d47bcd91a9213d777a85bb2f0c60b04b249846fdeeb59e27c49e7f31d3a1fab96f00d702b115885

  • SSDEEP

    49152:c4rF3J0SdMVWx6u7I+NLLgYFwUDE6nSE:9JMc7HgYF7RS

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2