General
-
Target
f4b3a3e58bfa294ae8509a9bd41f224e67eeb7a2919d49410f9fa018fdcb4e20.exe
-
Size
1.8MB
-
Sample
241119-sewyysxkgy
-
MD5
cd6989da78d758e1066490bbdca6c156
-
SHA1
8c7a2be631d1b360f66986e37d3ca1cc779805e2
-
SHA256
f4b3a3e58bfa294ae8509a9bd41f224e67eeb7a2919d49410f9fa018fdcb4e20
-
SHA512
b3eedd74fe93b5240cadef1797da6926cdf665284ae29d40e10c0fa2d109e5fbab78d1310bea064b259b93fb59b124b49b7a8d17a396e522a5dd556b13c9e2c7
-
SSDEEP
24576:JiOtJPPCOOKRbLtgQ5eBLrO6yxg34xeCT0TvpFP2nSvpJj4XqMWvsQcZ1NsAu9d2:Q8PcKh6LDyxPTkzIaNsQcZ1N3ub2
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
f4b3a3e58bfa294ae8509a9bd41f224e67eeb7a2919d49410f9fa018fdcb4e20.exe
-
Size
1.8MB
-
MD5
cd6989da78d758e1066490bbdca6c156
-
SHA1
8c7a2be631d1b360f66986e37d3ca1cc779805e2
-
SHA256
f4b3a3e58bfa294ae8509a9bd41f224e67eeb7a2919d49410f9fa018fdcb4e20
-
SHA512
b3eedd74fe93b5240cadef1797da6926cdf665284ae29d40e10c0fa2d109e5fbab78d1310bea064b259b93fb59b124b49b7a8d17a396e522a5dd556b13c9e2c7
-
SSDEEP
24576:JiOtJPPCOOKRbLtgQ5eBLrO6yxg34xeCT0TvpFP2nSvpJj4XqMWvsQcZ1NsAu9d2:Q8PcKh6LDyxPTkzIaNsQcZ1N3ub2
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-