General
-
Target
4b5b6c5e22eb5b54fe868146f3eb135a.bin
-
Size
1.7MB
-
Sample
241122-blql3s1mdz
-
MD5
6ff2e0cd5a17aa7e2df9094150ea8803
-
SHA1
0a51213f62e836a5e6fdd285e4c82e2c20208461
-
SHA256
2da04310d1f5f2c8218534c9be5b2bb88190dee5ef31f98371cc4516f9c422ac
-
SHA512
8794814516b8f7b815d7baed288a5d6621d127794abbe965125a3ce5815048bdd3ddd84f19074f4293e9c8b1301056e91892341334edfd7e9f125f806dd1959d
-
SSDEEP
49152:WK4xO0gwVENhKi9bi0tuUuu0sgR3i36+hhbvwSCUNkT68O:WKcO0gwVk3OzUuu0sg1i3zTbogj8O
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
aef9bf494cc14ae02f71a0d63807fa488f72cc91b9d8c28edcc28c13a43ae55b.exe
-
Size
1.7MB
-
MD5
4b5b6c5e22eb5b54fe868146f3eb135a
-
SHA1
4befd8d3f3344123701518370be0b471cc9c359f
-
SHA256
aef9bf494cc14ae02f71a0d63807fa488f72cc91b9d8c28edcc28c13a43ae55b
-
SHA512
bd49c85cac7c34568fdb3fa4eb980c11170bbdbc274d04b695f3e88d37bea4058f1979bd5f3f2b594f3446e5a5a53ba3da97b83523b842fa6018bccca22aa1ca
-
SSDEEP
49152:nsDtZHIZZZZ1Jrv/7l1eOb1OCJW5TFrMgs2dpHJOH:nn37711rgt7wH
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-