Extracted

• • Target

    0581fcdf17b6a9512f47a95a5a14788337d45795afd35afe52a450d01750e558

  • Size

    1.7MB

  • MD5

    0b31ced095cd56779e9364a9fde0e38d

  • SHA1

    74c8c92bb500637eb311394040fa318e0ec8719f

  • SHA256

    0581fcdf17b6a9512f47a95a5a14788337d45795afd35afe52a450d01750e558

  • SHA512

    a0586bd672669d881dc38b0b0d3c35c87f5388b197a89c530ade459116ffdc549fea0fa0f73193c266d848d3318c1f94507cad71d13dc06319ee1ca8b94473fd

  • SSDEEP

    49152:frTxjerrEXthc01DYXzaIZZSUZw46E5S0SaLh3VYoL:0g9hoaOvJ5S0SwJ9

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2