Extracted

• • Target

    d56b67c02d720f7cb8ab3c6fa4d1e866e73e8cba6b2639c24ca90337f37c3ad8

  • Size

    1.7MB

  • MD5

    688f1ec9a89efa9b837f53ffdc8b6079

  • SHA1

    149ce4a2d9ab8d02b15f1902ed2e76d795f3c0a0

  • SHA256

    d56b67c02d720f7cb8ab3c6fa4d1e866e73e8cba6b2639c24ca90337f37c3ad8

  • SHA512

    2f5fc9a2c8fcfe385ceda63e90d3c1b186fe34a4748583185ae2c6b55c8f9703906d9ce3cd7e1c30d202ee696ac56d9e714d37ec369816d8bd3d49a91a3f20a4

  • SSDEEP

    24576:C3DinT3ssdpeTFHUgZOubfSzaMm0Lui3XGBsvIAinLaEJE8FEiLrCGiRqrp4yjDo:C3YwsdYTFHeS56o9E8F1rC/oV4o9P/J

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2