stealc | 725b035cd4da0b8b4e42df16cd6c95cd46213f143f1654f78bd75e42db76c078 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17abc9d745f45caf5d09d735e9545148.bin
Size

1.7MB
Sample

240824-bc51eaxbpf
MD5

cfff464fedc057cee3e9c5b35677dc7b
SHA1

1fd25d139ed18d33f5f8ab1f0dbea2aa71a334a2
SHA256

725b035cd4da0b8b4e42df16cd6c95cd46213f143f1654f78bd75e42db76c078
SHA512

d0392b2d49c658570c8f7bb1725cd648ea300b1400c0ad8c821dfbef46633e7ce04cc8876229717ed37fa2e6494380d34d976acae355fd25ca4f04ba4866a20d
SSDEEP

49152:LEMQJ9WoavkQ2ZFltvFYC7BErqfAQMnrt0EW6z0:LEV9WiQwDtvF7BErqV6a

Score

10^/10

stealc nord discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

nord

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  6ad985ac636b93d6c040972403b0de2f643614483a4157d897d2ca310917fd77.exe
- Size
  
  1.7MB
- MD5
  
  17abc9d745f45caf5d09d735e9545148
- SHA1
  
  2deba4d16169f6a34c8f04113659be75bf4c0541
- SHA256
  
  6ad985ac636b93d6c040972403b0de2f643614483a4157d897d2ca310917fd77
- SHA512
  
  970d73517f9ec7cc2b14452354706532bf9da9c8e510760747bbbfb14e731ae2b38370e4a244ec14425a5141929e09ffaa002dd1d11a198feb76ee7e2110d8c5
- SSDEEP
  
  49152:EmCk8AtsXcyxYxlrrCDEUinZuW4VvexQ8r/8TJbb4Ug:cy6XcFxrVUiwWTrktbbf
Score

10^/10

stealc nord discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcnorddiscoveryevasionstealer

behavioral2

stealcnorddiscoveryevasionstealer