Extracted

• • Target

    e645023ff456442664c5b14a8c752bf67a731a300a18358bd31362f79bab1bb5

  • Size

    1.7MB

  • MD5

    a2ec3d964eca6233ad8d42ef1a09b9d4

  • SHA1

    b99c1f510c3cb02f6fabb77ca1f9bacf6580417f

  • SHA256

    e645023ff456442664c5b14a8c752bf67a731a300a18358bd31362f79bab1bb5

  • SHA512

    d9aea38501423c26a6ea7c227abd0bed1cb7bb7901a1e9619758e997b4c233d1334de8021f070d66b8435bb3a68cda3056212fc22df118c1d166419ad781a837

  • SSDEEP

    49152:Zsf5qDBi7QT33ed1MO7So7qw0tse15OszK07:ZsxIvj61MVo7qw0yebK07

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2