Extracted

• • Target

    fc1e21104ffde1491ad82c570cb41d09f1866ad43bc3a4d59a147662f15409d2

  • Size

    1.7MB

  • MD5

    7adcd167b8cf60515a3ea59b9be4fa8c

  • SHA1

    10ea5e139314936ca636c1d7f6e5658d2511879e

  • SHA256

    fc1e21104ffde1491ad82c570cb41d09f1866ad43bc3a4d59a147662f15409d2

  • SHA512

    d3da19236100068384a766d63e76ab184695e094447507c24f3da9a57b6907b435fecb82a432eecc6aafce88b3596b3e5e237b81abe2d1c383a6d98b9b45f651

  • SSDEEP

    49152:JZb4juGdIKc6DFoBW5rGUq3GNloMKxHHqn:JZb4jdW6FoBW8yLogn

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2