Extracted

• • Target

    29400490a7e6d89ffe8f731ffdc56e7f13f830b98378b1f24650a9c07d2e4bbb

  • Size

    1.8MB

  • MD5

    dc7fb0b215e5bd885059328d836e9334

  • SHA1

    831e495173035a86fa95f95dbb049e5c9b2d5021

  • SHA256

    29400490a7e6d89ffe8f731ffdc56e7f13f830b98378b1f24650a9c07d2e4bbb

  • SHA512

    e6bfd880e07c26dd1e0a8e250683d0828ed670c34de0b587735bfe45197f3c5cfe8903ac1a5aae2ab53f1c202f40631bdf9416e086b1c1bf7c46341fa93777d0

  • SSDEEP

    49152:7IarvZjHJvl/wffgech8aXIG9hzG3Irm7/v90R4fra:7IatjvYff5cTIGU+4f

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2