Extracted

• • Target

    25eb452cc6bf5d2e902be00abfb7ec85bbe37ba570a513e2a022a70e22d10ee4

  • Size

    1.7MB

  • MD5

    8027822815cb0b811b037fc3b6ecc8ca

  • SHA1

    d15f6a1410bedc1613adbb38ef7d8e3885ee9aa1

  • SHA256

    25eb452cc6bf5d2e902be00abfb7ec85bbe37ba570a513e2a022a70e22d10ee4

  • SHA512

    9808345138463ec2868c68f35d796385f535de4ac24c69f99a2c816e1a0f22220d59fbe0318741b6bbc9f5a922383da8579edfc707777ce4e06e848d3c884e0b

  • SSDEEP

    49152:v+ejIGhXgwR+ms4urc8AS3rhHT1lymdpL8p2OdsIayYWW:5IRqls4/AJrymES5

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2