Extracted

• • Target

    c2c8acd55d0ed9e9eca43e385790e8d584487b61d8fe5a216b6b5fa7b4052d10

  • Size

    1.8MB

  • MD5

    d6dd7c1b23bc78f4092785c0696aba19

  • SHA1

    b82f072bd4e6b09e7efe0e1f378089ea903ca0a7

  • SHA256

    c2c8acd55d0ed9e9eca43e385790e8d584487b61d8fe5a216b6b5fa7b4052d10

  • SHA512

    9fea5f0fd797941c78b3465d3d4f3faa482834dc0c461eb59dbe15fbe4f48c2667764313823bcb64ae5773a771a5e534f619fa5ad5927bf04069d2701b77d3e3

  • SSDEEP

    49152:yNm+4bLB2qy48kWbZnUk2oHF1znjB6ZlV90HJn:Jn3B2lnbbZnUkDl17jB6z0

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2