Extracted

• • Target

    020aa125186dc3997ed9fe6c16a1779662444e2eb74bf85a93d346a4d8c3f1bd

  • Size

    1.7MB

  • MD5

    e0f6268cf0818db910969f6288089f34

  • SHA1

    49bb66a98d4ec8e1f21c00d141a4d4818ffeb15c

  • SHA256

    020aa125186dc3997ed9fe6c16a1779662444e2eb74bf85a93d346a4d8c3f1bd

  • SHA512

    d79472b428b45a7496ad41e9cdc049e9d1312f5d6b8b7b17eaa7f315068f6e717514d2b672c6b0e141445230edde7075fba31a12c4d4f9a5887885c7c822a3bb

  • SSDEEP

    49152:RjNI8QUJLnyPuDCU1PdYMhOKpm8HlB5ltc:r1ntDX5dYMhxhLrt

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2