Extracted

• • Target

    1e35eb7e6634895580ffe5387e5ced801ecc958728e154c46f3d3baf52d98e53

  • Size

    1.7MB

  • MD5

    10daa13710e19a2a7a2e4a546f11c981

  • SHA1

    c08c355e44b7ee4b97e9dcab961597cfe93332cb

  • SHA256

    1e35eb7e6634895580ffe5387e5ced801ecc958728e154c46f3d3baf52d98e53

  • SHA512

    e577092f3f8c2839f5e9d4e609cd3b3f3e993d25bdb2985bd209e634528489d1a3e3eb3ee9ad9d70997be38b99d71faba39df47f36f9f35f76b924e644960bd8

  • SSDEEP

    24576:qfVdHKMrfECiD+Vj4bL0CBaOvcjU1MficrHRMLr1/5sV1trF5u0n3iP6HGNbmXFx:qf/q8iDcjO0CBTcA6MLJBG1nyP4Lj

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2