Extracted

• • Target

    47d77bb280258462a3d18819b833497475eeb5daf4e47468a26dd5259a70ca6c

  • Size

    1.7MB

  • MD5

    0ada980dd79fa6a2af9e4350e801f5b5

  • SHA1

    73a2486075f997f1ab43a4aa7d0b09481f5c2f69

  • SHA256

    47d77bb280258462a3d18819b833497475eeb5daf4e47468a26dd5259a70ca6c

  • SHA512

    540b96a86bd279d92519fae13bd16eed77ff486ab9e7764d129bade64595677d6b885d5ea53e5882b6f6b67746ffab5d81c17e0eae29b98b0649d83a93932fec

  • SSDEEP

    49152:a+Zmc1vJeVA2Pn7jk5N7ODhLi5dThhZt++:a+/1x5tL7KhU++

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2