Extracted

• • Target

    ea5d2f0bc20d8ed016b777b7ed4c084670fd3f56c9aeb59c91458916247e4b7a

  • Size

    1.7MB

  • MD5

    e580e9c7dde6521ccfb7b2950a7a2e13

  • SHA1

    256b3dbbdcdadfcf2d369acf7502b8967de155db

  • SHA256

    ea5d2f0bc20d8ed016b777b7ed4c084670fd3f56c9aeb59c91458916247e4b7a

  • SHA512

    b16bea4047444c390b9064e87099106c0cfa2b87f08b104a06e48f9c85738c1449baac650820302c0dba26a21bdc00b5ef186b8443652f0971a34754527ca5b4

  • SSDEEP

    49152:YfyWaZJfCvEbS9rRt4V6DltoqSh2g3WSZw4FIN:cDaZtE/9rRtBfk2gLm4

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2