Extracted

• • Target

    cb7a438a0701c7413b144b78f2029a1dd5a5b0c071db4534113328c5972e0018

  • Size

    1.8MB

  • MD5

    31228ef3dcc7c6df49b20a94da118106

  • SHA1

    d1509917e7ba4bca134c0ef95a9df5318c078cde

  • SHA256

    cb7a438a0701c7413b144b78f2029a1dd5a5b0c071db4534113328c5972e0018

  • SHA512

    a6ae041376a1773a39444e9519d87ef07fc983210b4ffe8e9fb69ca4846ad2c2abc45eac97e1e46ab11c13100b392c90d58613a7fced7c55b92bdf47f96ef639

  • SSDEEP

    49152:uX6JypYYcwhBHXdTXOyVKmHBDmb0QBASVnT:focwhlXZtMmhQBASVnT

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2