General
-
Target
b58e50d8671afe70416f57d76af797a253c91b824e30ed75182fac5467abe136.exe
-
Size
2.0MB
-
Sample
241107-dl218atja1
-
MD5
51d2305e72f359fca597f845144a62f5
-
SHA1
05a9bd41d30eaf9d226c839cdc81606bdee4e1ed
-
SHA256
b58e50d8671afe70416f57d76af797a253c91b824e30ed75182fac5467abe136
-
SHA512
8b9769bdabb3b08b0f249a64abf151125c48c36d653010b8cd3bd7ac819fa8a25d7a1d9cd5f160aef148b4ce5691ec0cec8f8cc767d248172f8ae193262f28f2
-
SSDEEP
49152:mBUol/2gemtQRj+AN+6CfJ6nLSqTgn4AnGjhB6mrs9KIm:fSeDzN+6wJ6I4AGpw+
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
b58e50d8671afe70416f57d76af797a253c91b824e30ed75182fac5467abe136.exe
-
Size
2.0MB
-
MD5
51d2305e72f359fca597f845144a62f5
-
SHA1
05a9bd41d30eaf9d226c839cdc81606bdee4e1ed
-
SHA256
b58e50d8671afe70416f57d76af797a253c91b824e30ed75182fac5467abe136
-
SHA512
8b9769bdabb3b08b0f249a64abf151125c48c36d653010b8cd3bd7ac819fa8a25d7a1d9cd5f160aef148b4ce5691ec0cec8f8cc767d248172f8ae193262f28f2
-
SSDEEP
49152:mBUol/2gemtQRj+AN+6CfJ6nLSqTgn4AnGjhB6mrs9KIm:fSeDzN+6wJ6I4AGpw+
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-