General
-
Target
34e912b828576002110972ce8292a94d4ecebb1582816dcb1414ea2f334827aa.exe
-
Size
1.7MB
-
Sample
241002-kahxjawemq
-
MD5
5cace3141ff06d98c584bfb6681a8ae3
-
SHA1
0993adfa0a320e79a33495bd92c2f457714cca95
-
SHA256
34e912b828576002110972ce8292a94d4ecebb1582816dcb1414ea2f334827aa
-
SHA512
199c0cfe737419829ba7ecc2ee68ca83fe1b042cb20d4f134be45d733a97483111d48f6845b18bb15963097503ef2524e9d1e0fa66e580ac8e7df1fb15b11394
-
SSDEEP
49152:UvjRiEOQx6/EYnSZMyIXDsP7n/SyzEGyOK4HKt:yRibQU/Pn4MyIzsPTlzEGjK4
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
34e912b828576002110972ce8292a94d4ecebb1582816dcb1414ea2f334827aa.exe
-
Size
1.7MB
-
MD5
5cace3141ff06d98c584bfb6681a8ae3
-
SHA1
0993adfa0a320e79a33495bd92c2f457714cca95
-
SHA256
34e912b828576002110972ce8292a94d4ecebb1582816dcb1414ea2f334827aa
-
SHA512
199c0cfe737419829ba7ecc2ee68ca83fe1b042cb20d4f134be45d733a97483111d48f6845b18bb15963097503ef2524e9d1e0fa66e580ac8e7df1fb15b11394
-
SSDEEP
49152:UvjRiEOQx6/EYnSZMyIXDsP7n/SyzEGyOK4HKt:yRibQU/Pn4MyIzsPTlzEGjK4
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-