General
-
Target
5ec30548e1131d8bc671f66b9029d2dbd58e880848dad0679f445423249e897c.exe
-
Size
1.7MB
-
Sample
241122-c2t5waymgj
-
MD5
cf6ba1380a20d081dc42865c39678dbb
-
SHA1
3894a0d95656cb2f3f20e1d37b4ffac4d5300c54
-
SHA256
5ec30548e1131d8bc671f66b9029d2dbd58e880848dad0679f445423249e897c
-
SHA512
fb8097af9ebdd4c45f687c545ed401b6d1b8309239d9275e7881d3b41c1d883c4947f9127884112eb31d22547944ca3f2492b739b344bf377638fcf3633fb017
-
SSDEEP
24576:lz2LEp/4eurCeD5CwYtm1KPCM29fnpxkj8YqFki6FkkUS6fmXfD4PZN2+N:lMuQe/tm1TMQfpWjzFf6fmPEVN
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
5ec30548e1131d8bc671f66b9029d2dbd58e880848dad0679f445423249e897c.exe
-
Size
1.7MB
-
MD5
cf6ba1380a20d081dc42865c39678dbb
-
SHA1
3894a0d95656cb2f3f20e1d37b4ffac4d5300c54
-
SHA256
5ec30548e1131d8bc671f66b9029d2dbd58e880848dad0679f445423249e897c
-
SHA512
fb8097af9ebdd4c45f687c545ed401b6d1b8309239d9275e7881d3b41c1d883c4947f9127884112eb31d22547944ca3f2492b739b344bf377638fcf3633fb017
-
SSDEEP
24576:lz2LEp/4eurCeD5CwYtm1KPCM29fnpxkj8YqFki6FkkUS6fmXfD4PZN2+N:lMuQe/tm1TMQfpWjzFf6fmPEVN
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-