Extracted

• • Target

    b760368d6334177e98622678773c6cdb2a7bd3daee1a239905d660d30ef7dab8

  • Size

    5.0MB

  • MD5

    eddd11483948341d3e23633223ea9808

  • SHA1

    f547c2115b09d3c59c80472f03731dde01214891

  • SHA256

    b760368d6334177e98622678773c6cdb2a7bd3daee1a239905d660d30ef7dab8

  • SHA512

    a106e15e93c8f663ec69b368bf500cbfdc2f3a259190c05b740b99084cba562e4d29b412156de662807787ebc01b19c2bdffe434f938b9cbd3eb163eb69795ab

  • SSDEEP

    49152:aC+kNNNNNNN+FkhL7a+FySmdJpN53TjFuTW1SKD5/kv4TVOnB:SkhLVM5dJp7TRWW1Swe4TVeB

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2