General
-
Target
file.exe
-
Size
2.0MB
-
Sample
241108-nh7gmszrfy
-
MD5
39dcece0736e0185aa15fc863b0a30a6
-
SHA1
04f92f565fb6ca84d5545715b9e04dfb1e0b5d2f
-
SHA256
5f3bbcbfc3af0df3efbfa025309523f8d5d94fb80c23733c4ecc51a851f24146
-
SHA512
89bc5241f0a407a6986d8a44dcb98a3ead579276a820f062db5ee7ce0aa744ceea67601ad40ffb79b511f619cf3d723e582d2e1e5c2b1bbef51ffd0e007828c4
-
SSDEEP
49152:6trjeyT4BFh6Sh3U5oRLnzA4OvbVwhaen0ZVYQNWL:SeyT+T6Lo1nrQuh/d
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
file.exe
-
Size
2.0MB
-
MD5
39dcece0736e0185aa15fc863b0a30a6
-
SHA1
04f92f565fb6ca84d5545715b9e04dfb1e0b5d2f
-
SHA256
5f3bbcbfc3af0df3efbfa025309523f8d5d94fb80c23733c4ecc51a851f24146
-
SHA512
89bc5241f0a407a6986d8a44dcb98a3ead579276a820f062db5ee7ce0aa744ceea67601ad40ffb79b511f619cf3d723e582d2e1e5c2b1bbef51ffd0e007828c4
-
SSDEEP
49152:6trjeyT4BFh6Sh3U5oRLnzA4OvbVwhaen0ZVYQNWL:SeyT+T6Lo1nrQuh/d
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-