Extracted

• • Target

    9d994571e96f3720c5a9b82006bd016a8bf477fda01e7b05454c24ca970e635d

  • Size

    1.7MB

  • MD5

    468039813269305131d3a2b0ec2d3c0b

  • SHA1

    b4c04c9e10f9424bb619a573630e3a57ae6e7f88

  • SHA256

    9d994571e96f3720c5a9b82006bd016a8bf477fda01e7b05454c24ca970e635d

  • SHA512

    f85bac09aa238602bda4da2f0defb16db50b1cf94161f626216c7ef51764045702e0864a6acc486e27f544b61bb0992cf7190dee818dea3b6450afbf4470b17b

  • SSDEEP

    49152:gSf/lxM6Hz6iBLhqyMAVSuKk4DnacR2dn37GCJzKpbd:gSVcI1qmcnRQqC4b

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2