stealc | c3aeec8fdf17cb7d30e2d97dce245505d26b90e160856e90f9e7fb8949a01022 | Triage

Sharing

General

Target

c3aeec8fdf17cb7d30e2d97dce245505d26b90e160856e90f9e7fb8949a01022
Size

1.7MB
Sample

240912-2ps5gsyhlr
MD5

40cb7abb3661d5c0bbee8c794bc8fd01
SHA1

413785114a79f6ce35a5ea35af89b40e4a70b280
SHA256

c3aeec8fdf17cb7d30e2d97dce245505d26b90e160856e90f9e7fb8949a01022
SHA512

ab95e13bcf49385789b46387ee10b28e726c58bc7093edf17364789d74934224a9fbe4e72334a7b8be36d89fa9f378e4dd491c380b0f8696c835caa3316f0806
SSDEEP

24576:Rh1hlH4vRteq8529WxH0yk19k16XAkFkvt6clXMcIlaGvgGclGdRHwsN5yaRIdyg:7FHieq8MWws6eMcC7vXmGdRHb5Ady

Score

10^/10

stealc leva discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

leva

C2

http://185.215.113.100

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  c3aeec8fdf17cb7d30e2d97dce245505d26b90e160856e90f9e7fb8949a01022
- Size
  
  1.7MB
- MD5
  
  40cb7abb3661d5c0bbee8c794bc8fd01
- SHA1
  
  413785114a79f6ce35a5ea35af89b40e4a70b280
- SHA256
  
  c3aeec8fdf17cb7d30e2d97dce245505d26b90e160856e90f9e7fb8949a01022
- SHA512
  
  ab95e13bcf49385789b46387ee10b28e726c58bc7093edf17364789d74934224a9fbe4e72334a7b8be36d89fa9f378e4dd491c380b0f8696c835caa3316f0806
- SSDEEP
  
  24576:Rh1hlH4vRteq8529WxH0yk19k16XAkFkvt6clXMcIlaGvgGclGdRHwsN5yaRIdyg:7FHieq8MWws6eMcC7vXmGdRHb5Ady
Score

10^/10

stealc leva discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealclevadiscoveryevasionstealer

behavioral2

stealclevadiscoveryevasionstealer