Extracted

• • Target

    fd371ebf182a4ee861600a13962686f2ebcc4acdc44264dd943d8f28a23e3a6f

  • Size

    1.7MB

  • MD5

    1a24532fe914ad7a7806138576069e8c

  • SHA1

    c9f96456911cd35c972744618bd69cb22372fdc9

  • SHA256

    fd371ebf182a4ee861600a13962686f2ebcc4acdc44264dd943d8f28a23e3a6f

  • SHA512

    5cdda166f25554cb447093b6c0af09f73dcb71d08053f840f2afd2c27aabc75861f64d2c99a48a70257afc5a403dfb532bdb6c4af5fa6d2c42a1310f57ff0e26

  • SSDEEP

    49152:h7t07DuLchEZOIiMcNu5aUW5fd4KHLEOvFB+h3:h7t07Hhsiju5HW5foY3M3

  Score

  10^/10

  stealckiradefense_evasionstealerdiscovery

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2