General
-
Target
file.exe
-
Size
1.7MB
-
Sample
241122-f8aats1mdn
-
MD5
7fd8a3ed2355ac7d27edebd3d03b9c3d
-
SHA1
5ad5b704bb66f76c64d0c493094380f2844fef0e
-
SHA256
560e746a7908dddf140088039058c2150e08f726e4304869506061e4bce3885e
-
SHA512
f15bfd422666f858efb415405b0687ff8b9b40bf09375f99b7499e34684c511dffce88e885220ca6c8d982c0073098549b3b28f8c32084befc22af364f7d3653
-
SSDEEP
24576:c52+cO7TgIYuKZmoj0zmtG+ZQRvnL4CZsrhhU/SQ8y9cY2X0YwTuCbINL25O8RdO:vKfYJjYmt44XHaS7yX2Xg1bINLNc6
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
7fd8a3ed2355ac7d27edebd3d03b9c3d
-
SHA1
5ad5b704bb66f76c64d0c493094380f2844fef0e
-
SHA256
560e746a7908dddf140088039058c2150e08f726e4304869506061e4bce3885e
-
SHA512
f15bfd422666f858efb415405b0687ff8b9b40bf09375f99b7499e34684c511dffce88e885220ca6c8d982c0073098549b3b28f8c32084befc22af364f7d3653
-
SSDEEP
24576:c52+cO7TgIYuKZmoj0zmtG+ZQRvnL4CZsrhhU/SQ8y9cY2X0YwTuCbINL25O8RdO:vKfYJjYmt44XHaS7yX2Xg1bINLNc6
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-