General
-
Target
9261b5a009a9b8ac9f2e43bcf8f22a55f11d1f1b71dc368522cb039a6dbf2df9
-
Size
2.0MB
-
Sample
241105-trclhstmaz
-
MD5
c6c90107b9c9ad8a039cf38950062c8c
-
SHA1
83cff0d56c69311a132a4438629fd0759c1dffb8
-
SHA256
9261b5a009a9b8ac9f2e43bcf8f22a55f11d1f1b71dc368522cb039a6dbf2df9
-
SHA512
5d600eaa73e8b49db108189bc2cfa74f942e6ae163330fa1341e4d8327c93b6fecfe60edf9e25bbb7dc2566cf2ea24dbe64b01c59fc148d444abedd24c1006ac
-
SSDEEP
49152:OuXu+QAZBrO4P871M6Mpi5oQyX8FwCmyY0sdL:de+blO4k7aZQyX8pY0EL
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
9261b5a009a9b8ac9f2e43bcf8f22a55f11d1f1b71dc368522cb039a6dbf2df9
-
Size
2.0MB
-
MD5
c6c90107b9c9ad8a039cf38950062c8c
-
SHA1
83cff0d56c69311a132a4438629fd0759c1dffb8
-
SHA256
9261b5a009a9b8ac9f2e43bcf8f22a55f11d1f1b71dc368522cb039a6dbf2df9
-
SHA512
5d600eaa73e8b49db108189bc2cfa74f942e6ae163330fa1341e4d8327c93b6fecfe60edf9e25bbb7dc2566cf2ea24dbe64b01c59fc148d444abedd24c1006ac
-
SSDEEP
49152:OuXu+QAZBrO4P871M6Mpi5oQyX8FwCmyY0sdL:de+blO4k7aZQyX8pY0EL
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-