stealc | 27cc6f14645280d84d872a3d4bf0adf3ccaf289bf0014e79c50dee92a048f478 | Triage

Sharing

General

Target

27cc6f14645280d84d872a3d4bf0adf3ccaf289bf0014e79c50dee92a048f478.exe
Size

2.8MB
Sample

240921-bl45gaybjb
MD5

9add56c0d441bc39094e12a54dfd1310
SHA1

1840122488552192518f57d930a3b6cd905da9ad
SHA256

27cc6f14645280d84d872a3d4bf0adf3ccaf289bf0014e79c50dee92a048f478
SHA512

19c903fd2cf5afc641595e83e2a5b3a4ac98e5238ef94ec8bd8a5225cacfb74dd609ce6ecd8f2f0af1a79792391cb897b2713f46d7433d901cfbea24bcbae673
SSDEEP

49152:Nv6XmEUiBDwT3DIP9WfboVx22uxx7iPWec:NemEUiBkTTIP9ioLuxx7iPWB

Score

10^/10

stealc dear discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

dear

C2

http://185.215.113.103

Attributes

url_path
/e2b1563c6670f193.php

Targets

- Target
  
  27cc6f14645280d84d872a3d4bf0adf3ccaf289bf0014e79c50dee92a048f478.exe
- Size
  
  2.8MB
- MD5
  
  9add56c0d441bc39094e12a54dfd1310
- SHA1
  
  1840122488552192518f57d930a3b6cd905da9ad
- SHA256
  
  27cc6f14645280d84d872a3d4bf0adf3ccaf289bf0014e79c50dee92a048f478
- SHA512
  
  19c903fd2cf5afc641595e83e2a5b3a4ac98e5238ef94ec8bd8a5225cacfb74dd609ce6ecd8f2f0af1a79792391cb897b2713f46d7433d901cfbea24bcbae673
- SSDEEP
  
  49152:Nv6XmEUiBDwT3DIP9WfboVx22uxx7iPWec:NemEUiBkTTIP9ioLuxx7iPWB
Score

10^/10

stealc dear discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcdeardiscoveryevasionstealer

behavioral2

stealcdeardiscoveryevasionstealer