General
-
Target
8cb31def2f17ac26ddeaea048880afeeb27049fcc3dcf07a5f0382406cfeddb4
-
Size
2.1MB
-
Sample
241117-cx3w8ayhnm
-
MD5
94c83a670fb21a3981d357283a1449d4
-
SHA1
f3aa1cc5e4e32ff8b04630383668ff31eeb72f00
-
SHA256
8cb31def2f17ac26ddeaea048880afeeb27049fcc3dcf07a5f0382406cfeddb4
-
SHA512
282adcd0f18a3f0e2c189f0174cc0452fa9956aaafe322991286e51c011706e03774ad67f6ac9759cce6c7eb59ac1d25f4be57e98e9531a1618e45349c9f06aa
-
SSDEEP
49152:K9kqWQB+CbiZnsrcQnMBRt8qbCNFPMyYyIuZkS:K9lPTbipsrTniCXNFPMxuv
Malware Config
Extracted
stealc
tale
http://185.215.113.206
-
url_path
/6c4adf523b719729.php
Targets
-
-
Target
8cb31def2f17ac26ddeaea048880afeeb27049fcc3dcf07a5f0382406cfeddb4
-
Size
2.1MB
-
MD5
94c83a670fb21a3981d357283a1449d4
-
SHA1
f3aa1cc5e4e32ff8b04630383668ff31eeb72f00
-
SHA256
8cb31def2f17ac26ddeaea048880afeeb27049fcc3dcf07a5f0382406cfeddb4
-
SHA512
282adcd0f18a3f0e2c189f0174cc0452fa9956aaafe322991286e51c011706e03774ad67f6ac9759cce6c7eb59ac1d25f4be57e98e9531a1618e45349c9f06aa
-
SSDEEP
49152:K9kqWQB+CbiZnsrcQnMBRt8qbCNFPMyYyIuZkS:K9lPTbipsrTniCXNFPMxuv
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-