Extracted

• • Target

    1e369c2050d1ebf9f5205ab01d40ef9ca14d0623a417b6482c26d605780732c7

  • Size

    1.7MB

  • MD5

    7fd29d658d75fd38b3d2ffc218ae4eea

  • SHA1

    145471ae2d2182d94d294b799337bb84e39ea542

  • SHA256

    1e369c2050d1ebf9f5205ab01d40ef9ca14d0623a417b6482c26d605780732c7

  • SHA512

    44654b25527ddcf863f4ae9fcccfaad4d29ebd459fdb169266042e6c5ae242dc5ea9a8e945e7fe51f0fb4b67cda897f499aa418341269287ebbcae089d076dab

  • SSDEEP

    49152:195kYbJT6fn4OnW23cjQWiwwetZTm9Qa:17kUT6QOnWj3DHmua

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2