stealc | 512f37203caa529ca6f1ed899476869e30604a3f2835cbc8f0914cfe7ab001f7 | Triage

Sharing

General

Target

9f3505d4d53376c68d28e5c76449d6f9.bin
Size

1.7MB
Sample

240826-b35gkazbmk
MD5

c9cebd4b5de35f49dea192afa4237c5c
SHA1

442317f3257454eb135f58aaae75ccb81c7493cd
SHA256

512f37203caa529ca6f1ed899476869e30604a3f2835cbc8f0914cfe7ab001f7
SHA512

999a13e0cc9d7442cbb4bcb23bc05a2e0caa6eddb2e541b8f80f253d85a95b7962d6115b223272962085e5c2f359aa7bc60f90a55e36f60e0b0655e4da0cba18
SSDEEP

24576:+n359umSA7tHu57tX5Vlz9FNzQkf93R+iCR6UTrHkeCIIZSCsb:+n359WCg7B5Vl5zf93R+nR69zhZpy

Score

10^/10

stealc leva discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

leva

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  4c840a0355723638725621473ca6d5c98cb9efec4c848b10d57c9ab4883c413b.exe
- Size
  
  1.7MB
- MD5
  
  9f3505d4d53376c68d28e5c76449d6f9
- SHA1
  
  56dc4d4bac3ef0a46b1146a58eccdc773222db0c
- SHA256
  
  4c840a0355723638725621473ca6d5c98cb9efec4c848b10d57c9ab4883c413b
- SHA512
  
  a447481d76a79f2923a43deccab1e7623310191faa588ca570fe5bd81c24550c17689b11009a9ac06241da8886aaf8bfd10bffce1e2c1641af7d2fd4b9990b2c
- SSDEEP
  
  24576:ioET/xymQieSs7Kng1rQDGiFOFWsu8cYoCwqeSIpb213Q+p/gJVAlwiVa77K:ijL8Uikt6QCwqAboV/OEVyK
Score

10^/10

stealc leva discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealclevadiscoveryevasionstealer

behavioral2

stealclevadiscoveryevasionstealer