Extracted

• • Target

    51ccf3ba9c672e189b075d959e8dbb8da42cf5b2411ffcb625e7c6c116a7f2db

  • Size

    1.7MB

  • MD5

    4d2252d56465eef4ff197dc15ca36232

  • SHA1

    1544980ddc6ca2f98e00eeed6a0c657ef2fc5e3c

  • SHA256

    51ccf3ba9c672e189b075d959e8dbb8da42cf5b2411ffcb625e7c6c116a7f2db

  • SHA512

    7afafc191b27223d5dc21a0935a39d1be7ed2f5a5ce2d6c08c38ef2036e62a9097fb94bf94095eb33bbd4109707824066b995efe6a7ad133302a8b6d80ccb6f3

  • SSDEEP

    49152:5JzNycCoYt6G/xWgNWIIJRq9Vm9RburOc:rDk7/pJIJRym1c

  Score

  10^/10

  stealcrenodefense_evasiondiscoverystealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Stealc family

    stealc

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    defense_evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    defense_evasion

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2