General
-
Target
d44cf4c345ad3c2a14ba1524bb8dcda23a42aa5a9d33409020b217dc9d1ded73.exe
-
Size
2.0MB
-
Sample
241104-dftsnasdmj
-
MD5
9e23c7a5c0ffc3296edb378b78a64128
-
SHA1
382ae4b7ae5031a160067a9736e7eaec59046381
-
SHA256
d44cf4c345ad3c2a14ba1524bb8dcda23a42aa5a9d33409020b217dc9d1ded73
-
SHA512
3fae13163f7f0ad90e3a088e78490ce0052141b6187501d8ae65d2ff6da66bfbbd8ff568a23a1caffff9a0f8e5bf9bf1587424708c0cfd66170e9a0aa4ddf715
-
SSDEEP
49152:PPO1Nef3MjVWwwxveOevR0kHvYA9qqCTh/l/XXf:PPOTef8BWww4vNwwqqEhZf
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
d44cf4c345ad3c2a14ba1524bb8dcda23a42aa5a9d33409020b217dc9d1ded73.exe
-
Size
2.0MB
-
MD5
9e23c7a5c0ffc3296edb378b78a64128
-
SHA1
382ae4b7ae5031a160067a9736e7eaec59046381
-
SHA256
d44cf4c345ad3c2a14ba1524bb8dcda23a42aa5a9d33409020b217dc9d1ded73
-
SHA512
3fae13163f7f0ad90e3a088e78490ce0052141b6187501d8ae65d2ff6da66bfbbd8ff568a23a1caffff9a0f8e5bf9bf1587424708c0cfd66170e9a0aa4ddf715
-
SSDEEP
49152:PPO1Nef3MjVWwwxveOevR0kHvYA9qqCTh/l/XXf:PPOTef8BWww4vNwwqqEhZf
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-