Extracted

• • Target

    8ea8e9c3115840016f5992a8a5facace35cc851e47e9b6ecb2ab965c8a7e05c3

  • Size

    1.7MB

  • MD5

    56498263dcb52c53604693d0d1b2a81c

  • SHA1

    c3e415877fec0f6911079de9696c65686ee87575

  • SHA256

    8ea8e9c3115840016f5992a8a5facace35cc851e47e9b6ecb2ab965c8a7e05c3

  • SHA512

    d5ec90c9a3de408a349f0a72aaba54a502d41b21b83e8986a4064151f1f81d771431a78f797b48da40f20cd09093115aacaf48dbd1f3858e63b2f5a14bf81c62

  • SSDEEP

    49152:HPJym/XZzyqVd599ZUMOW1cf12seKDAb:HPJX/XZ+udZDQd2seKDAb

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2