Extracted

• • Target

    f5b05fca08794f227270a0a6cba86a6a6ae33ce47218c2e73ac081859310d65c

  • Size

    1.7MB

  • MD5

    2bbde981b3bdc74655574d8b8d7fcdb7

  • SHA1

    37c5568c9a0e74d56639eb9b760d7aedcd7b8fa2

  • SHA256

    f5b05fca08794f227270a0a6cba86a6a6ae33ce47218c2e73ac081859310d65c

  • SHA512

    1f0192ee442470c6faafcbc6b5daf44a5147c30e07a5e018a0d9392079cdce187208a7a24e85f74fb7faf4d0847096cb36c1db307d846e237026d50999010370

  • SSDEEP

    24576:93OU3w5h6LPhwBC5ipltwwWbva9nTwdO+rjdHhFzyoRZ+xn8d0GxaxdMZtoJ6S:QU3wd/l6w4iiOM2U+xnq+sti

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2