Extracted

• • Target

    fbf5d7d7d7fe3e0524593d57816fa386cbd3c4faa2cb629ae8e4d4712752b9cc

  • Size

    1.8MB

  • MD5

    fb389a787e4ececf266bb4398bf09fad

  • SHA1

    a6648557e82802393e9eb4e953575e0869cb9cc9

  • SHA256

    fbf5d7d7d7fe3e0524593d57816fa386cbd3c4faa2cb629ae8e4d4712752b9cc

  • SHA512

    89f92da90df7942e2fbc9dc501de48a94fc89abbd5a2f3900e435e8eee510a6654733cbcec1a1e1520f3ab76a23eb09010afffabfb6d5c61b875d734d50b038c

  • SSDEEP

    49152:b5Jr5X0Qa5Dwc/E1Po0D9tQ7K+wZXUG2wkqQG0ejGz:bDlelwVQmvZkPwkcg

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2