Extracted

• • Target

    1e9ceefebd0caafefbe565a81a7bb3e065d29a5258adfef8f1f9f80a1a626987

  • Size

    1.7MB

  • MD5

    e4b77cd011e9024ec2d44f37033c357e

  • SHA1

    443a8932f7792aa6bfa2be7f575e01c54bba6850

  • SHA256

    1e9ceefebd0caafefbe565a81a7bb3e065d29a5258adfef8f1f9f80a1a626987

  • SHA512

    2c1201c74c6fb6484926106ee64f1fe017c53b26465de8cf20ed4c5adba0af98a94bab5d7d32c331990efdf618abaa963483d5b789f1967925548fd5fbd2d3d6

  • SSDEEP

    49152:wwFYNxIWFLqp9cW7x4uW/9STNuC1L1jrR0YfLkj4c:wbvFuh7S99STNuC1ZHG7

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2