Extracted

• • Target

    f40d7d9ce832ba5f6a79f336dcb9262468be0222bae0770f9a1c2e7abfe686c4

  • Size

    1.7MB

  • MD5

    cae954501ce8456fce9b5a8092a3b943

  • SHA1

    f305a992b3e43fefead18c67512871ad05bcea4e

  • SHA256

    f40d7d9ce832ba5f6a79f336dcb9262468be0222bae0770f9a1c2e7abfe686c4

  • SHA512

    a7a4ddd819e2e41e647d80180e01ae21d2ca24aa39f4025ba68dd03b4f300c620c2a166cff7f1605c61a26422b418ab46e680ecafd8f7572c330fa1cbea4900b

  • SSDEEP

    49152:AsVHDtXyPHaJuUSMidnGpOEb2vBHC/8jVQqb:bFtCPHM5WnGnKvBieVDb

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2