Extracted

• • Target

    d83fe79b6260b9bdfd88fd02742a7c9a43aae4321cff65d63abd6c6f0ce05bb1

  • Size

    1.7MB

  • MD5

    bb15cf4eb229c392dd06ff8d6e396b00

  • SHA1

    0399a7941c87ee8ffab2993b517aaaafd7352ec6

  • SHA256

    d83fe79b6260b9bdfd88fd02742a7c9a43aae4321cff65d63abd6c6f0ce05bb1

  • SHA512

    5509e2318263b93ab2f2f7e1ccb24b83a6e06a8be42f9208bffb3e1b9cdda3d1e7666a4e29d421ac65a84f473bc0139fa4ac44112b4dbf749bb05d617d633e8c

  • SSDEEP

    49152:iYMFiwUYK0LaiHGdcKjgEJmZGwSZippf7GUU:itAwXtLfccZEpEw

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2