Extracted

• • Target

    10cb192d70fed12a6376cc0c693c08aa8b04973c8aa1c319b8d9be9cbc163e6a

  • Size

    1.7MB

  • MD5

    48ec6e9362bfd15ded182914ddb1c74b

  • SHA1

    169da3cabf77daf6885c6f47c1e1e6d223c63140

  • SHA256

    10cb192d70fed12a6376cc0c693c08aa8b04973c8aa1c319b8d9be9cbc163e6a

  • SHA512

    c48cfaf1daa8a1ae20b81f0360fc1bbf1f49c822bf53b7306a8d0ef9a5b2552cf03a9a1acc79f5f8cd9531f066e2a34a00dc2040a6711ec3b439b7f318eed427

  • SSDEEP

    49152:O+tEL3wUEM2sdzeJgVz/nSbp2d1AkkMsmXtrSG:I38MbAgVznHk8ZS

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2