General
Target: file
Size: 1.8MB
Sample: 241009-nvcsssyajc
MD5: 82da47439745c8314d87f914d754a05b
SHA1: cea94d96cb65101b0999836f5d5af1d933fbd7f3
SHA256: dfd2a42098300a3651469074136a54639e0403d86dc203f99d022fd53625e438
SHA512: 39c2fcec8a2fda77e3e3e113cb588cd6523524fb832a64b7d53d7cea02566b6d2211adc8758d1f63461a5bb60ee2f7deb28e2cb79922c0d81d70456a3c286911
SSDEEP: 24576:2YY+lir2XEhWwMfAWbXd0W0onZAo9tNf7d1KGx4DpEJI27SoQ:2YYyBLYWbKW0Mn734VEJo
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240729-en
Malware Config
Extracted: stealc
doma: http://185.215.113.37
url_path: /e2b1563c6670f193.php
Targets
Target: file
Size: 1.8MB
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger