General
-
Target
b47ca39f8e231d2868e251f775f1e466.bin
-
Size
1.7MB
-
Sample
241122-byzqhs1pdy
-
MD5
414affbb1ebd44ec40b7abdb96f0e0bb
-
SHA1
1fceb797bd59fcd33ab5066b8926bc16454260c8
-
SHA256
34854f807c03530c75508cecb669a4839fe228c887493058e0074d5a5377ae84
-
SHA512
9444ba80d596b1fc0fcb33707cb23443efa28681fd822e2416106c26f68c00574c0813be98bca585c4cae8ebcf61d2a14ddad1866b53f43d5a6de43fdf8e0f09
-
SSDEEP
49152:GJXe2/nFAgZaMV3VP2dKtecv7pridpvaEj:yX1/GgcMV3VP2gecWpXj
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
d8906e0e0e173ede05401aaa09f2083b28260928b1278164d7008992e75cceae.exe
-
Size
1.7MB
-
MD5
b47ca39f8e231d2868e251f775f1e466
-
SHA1
eddd4499ba642788bc77544b67226538da14d651
-
SHA256
d8906e0e0e173ede05401aaa09f2083b28260928b1278164d7008992e75cceae
-
SHA512
24099b5b0830cf2f50be554e29d92c09be205adf2d3bf8dac2ec609af1c5f7a51f657a10b55e5bd138ba6ab815539e74a4976ed23a2312b1624d2e901865b2a9
-
SSDEEP
49152:rrCrbqzOFonTOEZJM6cBs2esffk4Kt+z3hYdAnAurE:nSbqIE9as/snk4Kt+idCQ
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-