General
-
Target
44fd1d6d2e2916006900d0d3e0cdf26bd80bf140567ceb535fe549e1fc43d929.exe
-
Size
1.8MB
-
Sample
241010-bxmdssyhjl
-
MD5
ca75f9b03ce493784715c40b62fcd9e8
-
SHA1
b50259f28ec7c3300d120869a75c5dd468973f1a
-
SHA256
44fd1d6d2e2916006900d0d3e0cdf26bd80bf140567ceb535fe549e1fc43d929
-
SHA512
141c2f2f1b2c424c80d16c056f83d31ed13846c57a36fb96fd82340bb67b2f4914edb982a6b1c6cfe56c5e92519f22519befa1eaced4e299ab34bdd55928af97
-
SSDEEP
24576:DvNZeuW3ifDOEVnrAbSuGlkrYOp1uidzo2Aupzz9LAAJUVwqVJgFdoL:7Peu0iNICFOyaz2A+VweWe
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
44fd1d6d2e2916006900d0d3e0cdf26bd80bf140567ceb535fe549e1fc43d929.exe
-
Size
1.8MB
-
MD5
ca75f9b03ce493784715c40b62fcd9e8
-
SHA1
b50259f28ec7c3300d120869a75c5dd468973f1a
-
SHA256
44fd1d6d2e2916006900d0d3e0cdf26bd80bf140567ceb535fe549e1fc43d929
-
SHA512
141c2f2f1b2c424c80d16c056f83d31ed13846c57a36fb96fd82340bb67b2f4914edb982a6b1c6cfe56c5e92519f22519befa1eaced4e299ab34bdd55928af97
-
SSDEEP
24576:DvNZeuW3ifDOEVnrAbSuGlkrYOp1uidzo2Aupzz9LAAJUVwqVJgFdoL:7Peu0iNICFOyaz2A+VweWe
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-