Extracted

• • Target

    8019c360ae5efbb430b054821191847452cd2b17868401b126d39171a0b9ec61

  • Size

    1.7MB

  • MD5

    253d390f37e89a62253da0d299c56ee6

  • SHA1

    de4c42e88ae58261296f015cab9b614272601218

  • SHA256

    8019c360ae5efbb430b054821191847452cd2b17868401b126d39171a0b9ec61

  • SHA512

    8fb9959305ddea682555650a62df5d458b377ed3aac96dc8b07f2a1dc7fd2c6b882ab93753908cab5d19f291a477323d5bd7a8eb93b1fba87a363f331778338e

  • SSDEEP

    49152:4LtpSCeQ3twsi63UJX2bYG5uUxfdRE0Vx2:gKKK63UJGX5uUPRj

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2