stealc | 4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0 | Triage

Resubmissions

22-11-2024 06:27

241122-g7wywawjcz 10

22-11-2024 06:23

241122-g5gq6swjbs 10

Sharing

General

Target

file.exe
Size

1.7MB
Sample

241122-g5gq6swjbs
MD5

6edefc0c895756e5e929668b5f804c1f
SHA1

37cc66db57185d2dd9827f2a5670fe527592d5d2
SHA256

4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0
SHA512

5f34e6de56f5d86d59ccbb966b1dbff64ef8b2a759bc9cfbadde40e05d6c2924940a6c63329f633d9464ac8ae35dc9ada419ad3436dc787a2b1bfbe7c120b13c
SSDEEP

49152:YsK+ovd70fKBOtE8bf8W7yVzlEBikSRZh+Kop1UemI/eh:Y4kMoOtE8IWMiikSjhfsenieh

Score

10^/10

stealc mars discovery evasion stealer

Malware Config

Extracted

Family

stealc

Botnet

mars

C2

http://185.215.113.206

Attributes

url_path
/c4becf79229cb002.php

Targets

- Target
  
  file.exe
- Size
  
  1.7MB
- MD5
  
  6edefc0c895756e5e929668b5f804c1f
- SHA1
  
  37cc66db57185d2dd9827f2a5670fe527592d5d2
- SHA256
  
  4cda37f0fdd836cfebb3df05dc550fff54eab9f7a9959c083ce50d0f049aa0a0
- SHA512
  
  5f34e6de56f5d86d59ccbb966b1dbff64ef8b2a759bc9cfbadde40e05d6c2924940a6c63329f633d9464ac8ae35dc9ada419ad3436dc787a2b1bfbe7c120b13c
- SSDEEP
  
  49152:YsK+ovd70fKBOtE8bf8W7yVzlEBikSRZh+Kop1UemI/eh:Y4kMoOtE8IWMiikSjhfsenieh
Score

10^/10

stealc mars discovery evasion stealer
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Stealc family
  stealc
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

stealcmarsdiscoveryevasionstealer

behavioral2

stealcmarsdiscoveryevasionstealer