Extracted

• • Target

    5c26d4444e2bb551bb131508e96e8deacb4e63fc67c23b9349831b66d60863f6

  • Size

    1.7MB

  • MD5

    7c6aaebcd3a6bd3573bfb028561792f5

  • SHA1

    ff5c829dc55fc93598f30368f3926f1e4fbcb170

  • SHA256

    5c26d4444e2bb551bb131508e96e8deacb4e63fc67c23b9349831b66d60863f6

  • SHA512

    a34ffec3999218fc3824c42ff0bc053ba4b3635aa3f89f4cd1a7dc48ff0c2b93c08a6e082e298c3e2f64268daf8edfae5cb3934e5506d96293fee79f87140da4

  • SSDEEP

    49152:8UGTSncsebCuXVvonmNTMjJXclNbkB9Jr:8UGuevomSjNEc9

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2