Extracted

• • Target

    76d812adc309bd9fdb8f4eee84ff00bab8b539ffa6b5cc34bd6f6e8345b9955c

  • Size

    1.7MB

  • MD5

    1548ce362249981d26fda4ef4cc97386

  • SHA1

    5c15f28cb0a1d4ed19f3b932f0a34c47ff2f6110

  • SHA256

    76d812adc309bd9fdb8f4eee84ff00bab8b539ffa6b5cc34bd6f6e8345b9955c

  • SHA512

    f6e58f6c9c898964760bf83c7e308bd0553cefa90b21d9d8a980652766c399a118f2d290823e0b8b46cf977cd60d69269a00748c46b7e0aba5f0d23b42883d56

  • SSDEEP

    49152:hbAD+1OXxY/Ddyw1hlP+8uyTgIkJuWENaJ0X5Mu:hbaN4FDVuyTRao

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2