General
-
Target
ea69168bcfe17084b509a7c2bc460e0dfcfe481e82075c78fe29db3f81e47bd7.exe
-
Size
1.7MB
-
Sample
241120-d9xrea1cmm
-
MD5
5fc4e66712a94c81cd3329e8b397b481
-
SHA1
8bd9d0750a5a007e7c3a8ce4b99a7bc8b10455b7
-
SHA256
ea69168bcfe17084b509a7c2bc460e0dfcfe481e82075c78fe29db3f81e47bd7
-
SHA512
000f38bf41c1ada2a2316aa4f1ccad366b07c9c0b81a3a4aab772bef0607aa37f266cb399a5df8dc1ae161497d95f045d7d617f48d93e378ea425768f0735d44
-
SSDEEP
49152:8WuVVthf5kp7nzGpxwWPYxWudfZEU8um:cVlh6n/zxzdp8
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
ea69168bcfe17084b509a7c2bc460e0dfcfe481e82075c78fe29db3f81e47bd7.exe
-
Size
1.7MB
-
MD5
5fc4e66712a94c81cd3329e8b397b481
-
SHA1
8bd9d0750a5a007e7c3a8ce4b99a7bc8b10455b7
-
SHA256
ea69168bcfe17084b509a7c2bc460e0dfcfe481e82075c78fe29db3f81e47bd7
-
SHA512
000f38bf41c1ada2a2316aa4f1ccad366b07c9c0b81a3a4aab772bef0607aa37f266cb399a5df8dc1ae161497d95f045d7d617f48d93e378ea425768f0735d44
-
SSDEEP
49152:8WuVVthf5kp7nzGpxwWPYxWudfZEU8um:cVlh6n/zxzdp8
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-