General
-
Target
cec17bbe6b0c69bc4929feada81e713ff2baa44a80df0f3b94345a04755c056f.exe
-
Size
1.8MB
-
Sample
241010-cr8waavejb
-
MD5
b68a32c2a43d3cd6a1495c00d7f6f0a4
-
SHA1
a369068b3b6a7d8053edfac46c4f0e97c04bc40e
-
SHA256
cec17bbe6b0c69bc4929feada81e713ff2baa44a80df0f3b94345a04755c056f
-
SHA512
134741c7902a4743a5204bf9865885d9c82c8209344e4fea80da8aca0405f8cfdfa6f4bc2ff243383cf29019aaeb1f6f8492e22f1a520b52b8c474e278944fd0
-
SSDEEP
49152:jNsUlGhhZ6qg1qpvR0wByQ0cc3WwvVgQ8t+v60BO:qhhZ6nkPBoei6o
Malware Config
Extracted
stealc
doma
http://185.215.113.37
-
url_path
/e2b1563c6670f193.php
Targets
-
-
Target
cec17bbe6b0c69bc4929feada81e713ff2baa44a80df0f3b94345a04755c056f.exe
-
Size
1.8MB
-
MD5
b68a32c2a43d3cd6a1495c00d7f6f0a4
-
SHA1
a369068b3b6a7d8053edfac46c4f0e97c04bc40e
-
SHA256
cec17bbe6b0c69bc4929feada81e713ff2baa44a80df0f3b94345a04755c056f
-
SHA512
134741c7902a4743a5204bf9865885d9c82c8209344e4fea80da8aca0405f8cfdfa6f4bc2ff243383cf29019aaeb1f6f8492e22f1a520b52b8c474e278944fd0
-
SSDEEP
49152:jNsUlGhhZ6qg1qpvR0wByQ0cc3WwvVgQ8t+v60BO:qhhZ6nkPBoei6o
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-