Extracted

• • Target

    960c86b1c96179b950ed5c0735ef6b0254b1f4e659b73746e9624851718aaa4e

  • Size

    1.7MB

  • MD5

    9821831d42cd7ba4bbeb71bc10ab297e

  • SHA1

    4c0e79352efe1ffe9574e891d479de5b8ba44729

  • SHA256

    960c86b1c96179b950ed5c0735ef6b0254b1f4e659b73746e9624851718aaa4e

  • SHA512

    9e86662772d23153e473eefbff98737ee913a883cf146d40292369bc52ed55ac882c8e30e7606a4c7657f031bef2b497826592f6119f243df07122e37a71049d

  • SSDEEP

    24576:xA0lWzmMsNW0OU9BpWR1wywWWtN3aMl7QZvghNy5EFpHjjeFMZ2vVubdlESYJs8B:WmDW0OxqYWb3LjhyEfDNn7wX

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2