General
-
Target
d059899e0e9df75c9f5fea1c6817256e4760a24051c8c7ebbd144c8be14d9813
-
Size
2.1MB
-
Sample
241117-bwacvaybkk
-
MD5
9ffb70e2baa85aad1aada3fd37808f3e
-
SHA1
e4e8fd5e9495f236fecb416a111126d28d1daa3c
-
SHA256
d059899e0e9df75c9f5fea1c6817256e4760a24051c8c7ebbd144c8be14d9813
-
SHA512
68d5df966740349078637a9d4087f9832c5c9137fce41686ba5ce2aa8d8e58c080fda54ce6c2dfee0e89801c5b2b8b48d5946622b85fd8ec31e54b6b859d385d
-
SSDEEP
49152:Mpobcx9P+SjriTxbzTYRQ+YUVEi7eToMBe3cZew:Mpo2R+SjuFiNEtToM3ew
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
d059899e0e9df75c9f5fea1c6817256e4760a24051c8c7ebbd144c8be14d9813
-
Size
2.1MB
-
MD5
9ffb70e2baa85aad1aada3fd37808f3e
-
SHA1
e4e8fd5e9495f236fecb416a111126d28d1daa3c
-
SHA256
d059899e0e9df75c9f5fea1c6817256e4760a24051c8c7ebbd144c8be14d9813
-
SHA512
68d5df966740349078637a9d4087f9832c5c9137fce41686ba5ce2aa8d8e58c080fda54ce6c2dfee0e89801c5b2b8b48d5946622b85fd8ec31e54b6b859d385d
-
SSDEEP
49152:Mpobcx9P+SjriTxbzTYRQ+YUVEi7eToMBe3cZew:Mpo2R+SjuFiNEtToM3ew
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-