General
-
Target
75e0778aca3baa95da30a276d933e1fbcdba4a737edd2ff728d87001851dae39.exe
-
Size
2.1MB
-
Sample
241106-dd6pfaspcx
-
MD5
7451a482de660b001df17c6bef776dc0
-
SHA1
e346631fab4d4ad4833d8ead0eaf7071c0346f9e
-
SHA256
75e0778aca3baa95da30a276d933e1fbcdba4a737edd2ff728d87001851dae39
-
SHA512
70fdf85efa3dd850a371350dbfa989ef8d47321ad56df8e1af144e39fc29a5ac74468c58feea21d764c42ca537c307ce012f91f67dbffb40b66a26095f779907
-
SSDEEP
49152:7ejT3GNRpJdmRd8mk9jpjC0L+131Knawovz+JpY4yll:wTGbkRCH9BC0L+1316fovzcSXl
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
75e0778aca3baa95da30a276d933e1fbcdba4a737edd2ff728d87001851dae39.exe
-
Size
2.1MB
-
MD5
7451a482de660b001df17c6bef776dc0
-
SHA1
e346631fab4d4ad4833d8ead0eaf7071c0346f9e
-
SHA256
75e0778aca3baa95da30a276d933e1fbcdba4a737edd2ff728d87001851dae39
-
SHA512
70fdf85efa3dd850a371350dbfa989ef8d47321ad56df8e1af144e39fc29a5ac74468c58feea21d764c42ca537c307ce012f91f67dbffb40b66a26095f779907
-
SSDEEP
49152:7ejT3GNRpJdmRd8mk9jpjC0L+131Knawovz+JpY4yll:wTGbkRCH9BC0L+1316fovzcSXl
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-