Extracted

• • Target

    e9730fa9f5a4095acd51ccbbcd2af6783f90800dbc6bfd3a95c1707e4a0c4484

  • Size

    1.8MB

  • MD5

    6f10533236b46bd0f07b34a03ef0e26f

  • SHA1

    36f16e4485951d12928a45d377a39d73718e0c75

  • SHA256

    e9730fa9f5a4095acd51ccbbcd2af6783f90800dbc6bfd3a95c1707e4a0c4484

  • SHA512

    9d01d00fd075fb36c07958cd96d0b5fe37c085263f60ffefaeb544bf3fd24b587b0c8d113ef35c08b6f71a76b058a69d18a9e18930ab36ed11916c3250bbf38c

  • SSDEEP

    49152:QXqrMKN7dly9RlNwFgl8T1FYwkNxcyTRJ6:QXqVxlaRlNweliiI

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2