General
Target: 249001bdb6015ef538d4654e6f5c5a1522b7382987ec926d062578ae973f8a71.exe
Size: 1.7MB
Sample: 240904-bk2yqasarl
MD5: 5bf21229b0e8c6361a56f0aec0121cc4
SHA1: a46472a1168dad39660f923bb25dc333d24cd2cb
SHA256: 249001bdb6015ef538d4654e6f5c5a1522b7382987ec926d062578ae973f8a71
SHA512: 5de8222c9ae3a6f89a368722cb226f1f82d4b290831c44d3ab84f0d21a3d9432c4dfa126ec53501d0f49227d27c911cd4fe89361d13951117b06897cc52baf0f
SSDEEP: 49152:qbPeZrwU5W/dC3UamcrzBaGz4PCe7edsnFIKLM2Rm+:eWZeahRaA4neaO+
Static task: static1
Behavioral task: behavioral1
Sample: 249001bdb6015ef538d4654e6f5c5a1522b7382987ec926d062578ae973f8a71.exe
Resource: win7-20240903-en
Malware Config
Extracted
stealc
leva
http://185.215.113.100
url_path: /e2b1563c6670f193.php
Targets
Target: 249001bdb6015ef538d4654e6f5c5a1522b7382987ec926d062578ae973f8a71.exe (size and hashes as listed under General)
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger