General
-
Target
66c7b70ab45668ccf79506762e35bfbd22ab6c07689fc0fe41f202336f516688.exe
-
Size
2.0MB
-
Sample
241102-newkzavqhk
-
MD5
0e5bf6cca8186ea2b2dffb910fe238e6
-
SHA1
df4dab8d3fd6a0d8311eb72c64812f3d9696af01
-
SHA256
66c7b70ab45668ccf79506762e35bfbd22ab6c07689fc0fe41f202336f516688
-
SHA512
b18a37975d54cf80faaf529eaf9038488ad9ff50e680142e91237ebb43fcc8b6298da8e6ea5f6d9d2569d67877aa9deb1c76e945212b1734eba6d596a70d26c9
-
SSDEEP
49152:ukzFs5LxFlAk/1QNTDko7qAq0eoWfRX3ijen+0NGITy4PA:ukzO13AVTDvqA9zqae+2TH
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
66c7b70ab45668ccf79506762e35bfbd22ab6c07689fc0fe41f202336f516688.exe
-
Size
2.0MB
-
MD5
0e5bf6cca8186ea2b2dffb910fe238e6
-
SHA1
df4dab8d3fd6a0d8311eb72c64812f3d9696af01
-
SHA256
66c7b70ab45668ccf79506762e35bfbd22ab6c07689fc0fe41f202336f516688
-
SHA512
b18a37975d54cf80faaf529eaf9038488ad9ff50e680142e91237ebb43fcc8b6298da8e6ea5f6d9d2569d67877aa9deb1c76e945212b1734eba6d596a70d26c9
-
SSDEEP
49152:ukzFs5LxFlAk/1QNTDko7qAq0eoWfRX3ijen+0NGITy4PA:ukzO13AVTDvqA9zqae+2TH
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-