General

Target: 538f1b2469163b43d505e8d7f15b9618fc25834aa3b2ebe3f452b120120250cd.exe
Size: 1.8MB
Sample: 241002-bm3b9szdjr
MD5: ed976a68fbf288f214e53f8ee4734fcc
SHA1: a67a4f8e2e21d8d8721a7eafdb2a13655854e4f1
SHA256: 538f1b2469163b43d505e8d7f15b9618fc25834aa3b2ebe3f452b120120250cd
SHA512: 163b230505d67ff3f5dae64321591ae143819387475274377e30f6bfdc710d18ebbac3eb14ccc9108c23c662d858769d9eff01f8274fab3af6d44ecc93b2677c
SSDEEP: 49152:EMoTEGtgeGzFVokLvwzDdYdvopaLjDX48Yaop2Cy:joTHgeGzFSkzwzDdAom62/
Static task: static1
Behavioral task: behavioral1
Sample: 538f1b2469163b43d505e8d7f15b9618fc25834aa3b2ebe3f452b120120250cd.exe
Resource: win7-20240903-en

Malware Config

Extracted family: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets

Target: 538f1b2469163b43d505e8d7f15b9618fc25834aa3b2ebe3f452b120120250cd.exe
Size: 1.8MB
MD5: ed976a68fbf288f214e53f8ee4734fcc
SHA1: a67a4f8e2e21d8d8721a7eafdb2a13655854e4f1
SHA256: 538f1b2469163b43d505e8d7f15b9618fc25834aa3b2ebe3f452b120120250cd
SHA512: 163b230505d67ff3f5dae64321591ae143819387475274377e30f6bfdc710d18ebbac3eb14ccc9108c23c662d858769d9eff01f8274fab3af6d44ecc93b2677c
SSDEEP: 49152:EMoTEGtgeGzFVokLvwzDdYdvopaLjDX48Yaop2Cy:joTHgeGzFSkzwzDdAom62/
Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Suspicious use of NtSetInformationThreadHideFromDebugger