General
-
Target
f7536ef71a6a1df24263e5bf3b58be00674f303eff4787d70de246e481f8330e.exe
-
Size
2.0MB
-
Sample
241108-evtlwavhmn
-
MD5
2bd1643c51ab40c4b17e6f15b1eaeb0c
-
SHA1
0ed83b36c8cc314690e7353a2a3631deee098331
-
SHA256
f7536ef71a6a1df24263e5bf3b58be00674f303eff4787d70de246e481f8330e
-
SHA512
4e5d5416d72b5d254b32b98feed4009eb321d21f520d607fdce174b3a7bfd9cab01cfa43981c0dc6f989c936c411e274e924244d31223d6ad2dcee5e7d6b5246
-
SSDEEP
49152:EF1bxVr3+oAYxi4v0C3z8xC6pmEENBQoNRqrj:Ez+OxAHxbEBx
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
f7536ef71a6a1df24263e5bf3b58be00674f303eff4787d70de246e481f8330e.exe
-
Size
2.0MB
-
MD5
2bd1643c51ab40c4b17e6f15b1eaeb0c
-
SHA1
0ed83b36c8cc314690e7353a2a3631deee098331
-
SHA256
f7536ef71a6a1df24263e5bf3b58be00674f303eff4787d70de246e481f8330e
-
SHA512
4e5d5416d72b5d254b32b98feed4009eb321d21f520d607fdce174b3a7bfd9cab01cfa43981c0dc6f989c936c411e274e924244d31223d6ad2dcee5e7d6b5246
-
SSDEEP
49152:EF1bxVr3+oAYxi4v0C3z8xC6pmEENBQoNRqrj:Ez+OxAHxbEBx
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-