Extracted

• • Target

    e9b9704e367f41930b4e03e44256adcf7e500d4e2210e63877fa77c594f1dbe5

  • Size

    1.8MB

  • MD5

    b5f5fda1db68c93fd37a889f8c6bcf1a

  • SHA1

    9f382e285307d502fe61e9f41292de5e331ae230

  • SHA256

    e9b9704e367f41930b4e03e44256adcf7e500d4e2210e63877fa77c594f1dbe5

  • SHA512

    25c3d2e896d81bfb01ada6ada5d7048c84a0c17eb69dac5082e3f569c8dbae274965bb38874508c539c5ba0e7e3563e5e64f07b25502a19ce32d3a5a472609b6

  • SSDEEP

    49152:wdg+DzFuXS0WSajyQGnDF0ABA758S4yeNx:sTdF0naIq758LyW

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2