Extracted

• • Target

    84748543fb2eaa8b32a422616551f3a29697814581f5b08818c4e75a17cfde0a

  • Size

    1.8MB

  • MD5

    02e4fe04a3d664797bf0d07dba1f5f4d

  • SHA1

    f9f3f32bffd6414bcf37e2bc50a73dccc50aa35c

  • SHA256

    84748543fb2eaa8b32a422616551f3a29697814581f5b08818c4e75a17cfde0a

  • SHA512

    f57c17be38b3021eeaeaeb79c8905987b1984f41fb5994c06d9ad16911d5047c5d4f12252a52eb0108a6073b437f43a3878ff98514d198b6c8445b279f33f0d4

  • SSDEEP

    49152:Wx6zBehT4OGX8KqNeFEihNyHB7u2z9xh9G7q0:WUOiMpaEihNmBXz9E7

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2