stealc | 623522149510a53e039a12faddda11b1b5f99be47d138781ce79b181af46532b | Triage

Sharing

General

Target

623522149510a53e039a12faddda11b1b5f99be47d138781ce79b181af46532b
Size

1.7MB
Sample

241120-m8bxzszqfp
MD5

8397fbb0f072fe7af2024ed1f2405525
SHA1

f355d07ae184fb244125e29afcc8637e12cb0412
SHA256

623522149510a53e039a12faddda11b1b5f99be47d138781ce79b181af46532b
SHA512

f05188b063abb998729976747b7b9c414d09ea0ed5d978319506776c3f5841b0b6ae7282d923fd5f9e09b1e87dcfe31e7bb4df79c3ba73fb1ddd7866fc847040
SSDEEP

49152:cpFAWg/4zXBC3cKxItsXGiTM1FXpgIHjLDD:kjgQzRC3bHGiTM1FZBD

Score

10^/10

stealc mars discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  623522149510a53e039a12faddda11b1b5f99be47d138781ce79b181af46532b
- Size
  
  1.7MB
- MD5
  
  8397fbb0f072fe7af2024ed1f2405525
- SHA1
  
  f355d07ae184fb244125e29afcc8637e12cb0412
- SHA256
  
  623522149510a53e039a12faddda11b1b5f99be47d138781ce79b181af46532b
- SHA512
  
  f05188b063abb998729976747b7b9c414d09ea0ed5d978319506776c3f5841b0b6ae7282d923fd5f9e09b1e87dcfe31e7bb4df79c3ba73fb1ddd7866fc847040
- SSDEEP
  
  49152:cpFAWg/4zXBC3cKxItsXGiTM1FXpgIHjLDD:kjgQzRC3bHGiTM1FZBD
Score

10^/10

stealc mars discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcmarsdiscoveryevasionstealer

behavioral2

stealcmarsdiscoveryevasionstealer