Extracted

• • Target

    07a8758954b9cc3b78209d673d5c20849a37c5fd1094034b6f105e0e82242bc2

  • Size

    1.7MB

  • MD5

    ef60cbd2917e8096475b0b1223c1c086

  • SHA1

    8482bfdd7424cb4ae3e41a5ecf008f0e14d1c692

  • SHA256

    07a8758954b9cc3b78209d673d5c20849a37c5fd1094034b6f105e0e82242bc2

  • SHA512

    f32f1d7cae9ab00b90d26e11e5870590c11765882a8559a405ab34d04da6c1c58f09005535d9c3b835c5a9200e1f9d1ac0655e907231c8a617ad8f2b46eacd17

  • SSDEEP

    24576:Sv70+nQ6iQikvZths67z7CyhpAwpzyVna+5ZJwBAM2ORmzkxWKTeLtU2vNkYO4:GnQ6iO1Zp/wda0axngeeBUmKYO

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2