stealc | caff47b4cac818b5d486cdb292eee34b5390adeb9f6cbd02000a248af934c538 | Triage

Sharing

General

Target

caff47b4cac818b5d486cdb292eee34b5390adeb9f6cbd02000a248af934c538.exe
Size

2.0MB
Sample

241109-d6k87swhna
MD5

70f062fa1d7638c2ec48163a68155acf
SHA1

0507f418cdc2c76ec5dc94b455fce596b87b222e
SHA256

caff47b4cac818b5d486cdb292eee34b5390adeb9f6cbd02000a248af934c538
SHA512

bdf61abd460c82f062a6028abdb327252dfbd8d2b53714ef48ae88decafa02f709148798ca8a3c5f60f3cb134078d9ab7001e3b77e957bb30b83c17672005e7f
SSDEEP

49152:UTgJR0jBb6P3llI6mNpzF38pr0ccA2WNYUgyDPtu3o:UJxu34RzFsYnyDFu

Score

10^/10

stealc tale discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes

url_path
/6c4adf523b719729.php

Targets

- Target
  
  caff47b4cac818b5d486cdb292eee34b5390adeb9f6cbd02000a248af934c538.exe
- Size
  
  2.0MB
- MD5
  
  70f062fa1d7638c2ec48163a68155acf
- SHA1
  
  0507f418cdc2c76ec5dc94b455fce596b87b222e
- SHA256
  
  caff47b4cac818b5d486cdb292eee34b5390adeb9f6cbd02000a248af934c538
- SHA512
  
  bdf61abd460c82f062a6028abdb327252dfbd8d2b53714ef48ae88decafa02f709148798ca8a3c5f60f3cb134078d9ab7001e3b77e957bb30b83c17672005e7f
- SSDEEP
  
  49152:UTgJR0jBb6P3llI6mNpzF38pr0ccA2WNYUgyDPtu3o:UJxu34RzFsYnyDFu
Score

10^/10

stealc tale discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealctalediscoveryevasionstealer

behavioral2

stealctalediscoveryevasionstealer