Extracted

• • Target

    31d96e85f40cf3a9ccb9ba88b10a926f805f029438ec46d86fff89c9fba5b30e

  • Size

    1.7MB

  • MD5

    022a715451381bc483237789bcb7b764

  • SHA1

    77e6f11ab81ccafee442d3d32459e0a6afe5fb8e

  • SHA256

    31d96e85f40cf3a9ccb9ba88b10a926f805f029438ec46d86fff89c9fba5b30e

  • SHA512

    07f35c6bd0b8d959a43754ab4add21fcd4b76426d1001630fce801da160a67f829a1a3ac1424731002c9117557e4fdb9fbe1b2a9507f2b56842762bbbf7bcb41

  • SSDEEP

    49152:m6tG5xgs0TcMlhFvzk8TLcQj2UyOjmboSIC:1Ygs0Tdh1zhLT2UDjmboSx

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2