Extracted

• • Target

    f6ba046ab0fe30b63d4aad134e666f63130d4adf2782a48bdfb904e3a6eef643

  • Size

    4.9MB

  • MD5

    48575481fb3b42ee40e6e2076c17428b

  • SHA1

    d5fca3c02ab4c0ae6d6a2701008fdeb4f5bb78e0

  • SHA256

    f6ba046ab0fe30b63d4aad134e666f63130d4adf2782a48bdfb904e3a6eef643

  • SHA512

    131c00189e25ad2bb8b096df865352e3a94d71ff84e5fffdcdaa1a7413e9bdb5f6b9f30567a9a200dc942a93ac06f72c8480189f86ae2b5b2b57e24287b355e6

  • SSDEEP

    49152:LC2t0h43r3xQ0wG/S7YfLj7YSFwwcvwsj:LC80K3r3xlwoSkfX5+F4

  Score

  10^/10

  stealcstokdefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2