Extracted

• • Target

    840eb3ad83c9b698c00b959ff21b69bf8a7623cf3089de64ca62f76d3d212248

  • Size

    4.9MB

  • MD5

    ac83f35170e7e84000cc5a17472be30b

  • SHA1

    21338733185cd448038415401df35ac859fd9786

  • SHA256

    840eb3ad83c9b698c00b959ff21b69bf8a7623cf3089de64ca62f76d3d212248

  • SHA512

    36346d1cb124ebbcec4b4733dc28b37bcf376802345024defb0cf51154c4c30514c7ffd66a2bb615660d5bef501f3120a5456808b2a4de0882677c925d292a4d

  • SSDEEP

    49152:C3ar34dAX4N4GadW7NMdrFq+Sj305R6BrOBU/B6:C3ar34dAX4N4GaINeFq+Sj30grsG6

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2