Extracted

• • Target

    174c1f2d46b88808d787fc3a990faab49c61e37bf1ac7e0a454cabd37b2d9530

  • Size

    1.7MB

  • MD5

    3e0ccaeee3ee14207e81ab27f3a43e43

  • SHA1

    936780a5e957be6eb28ef9dec1fecb89af62cc7c

  • SHA256

    174c1f2d46b88808d787fc3a990faab49c61e37bf1ac7e0a454cabd37b2d9530

  • SHA512

    98cf1537b1f715fa2ba8064c4350cb739143eb199479cfb02b3c4043d6908d1b6582436fa7f2277fa7caad9d60e9f26d6b761ae9a859febf6a51ba56bca80b87

  • SSDEEP

    24576:pyALr1LPxtZm/x1rruzADmDUefQ3qTCznxvrEtgizTrtonREeHa+noWawWadm:pn1bsxpSge+wW6vtuRZa+Iwbdm

  Score

  10^/10

  stealcbratdefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2