General
-
Target
DHJ3R_file.exe
-
Size
1.7MB
-
Sample
241122-mwlxesyqfy
-
MD5
a0e3200d0547b77804794f31e2570e0a
-
SHA1
4615e12b5b32112ace009dea7944481d5ec914a6
-
SHA256
ab464533e36194f803441eb419712e0c1487079b73e89956a370654f395cdb23
-
SHA512
28eaf8327704726985062c405875fecd0ed794d953f96547022c708c076e113af09fd5b8b364897e70a0aeacf4d056a7a2232d28527f2db47121ffd2c22b826a
-
SSDEEP
24576:XPvVNUDuoQwa1iuFcfxNfgctGzn51sMJv4NacO+ADaf6/B6Bm85nHFXZLqex9GZr:nTAXzJNfgv91sM94ocEi6/qnlXpOd5F
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
DHJ3R_file.exe
-
Size
1.7MB
-
MD5
a0e3200d0547b77804794f31e2570e0a
-
SHA1
4615e12b5b32112ace009dea7944481d5ec914a6
-
SHA256
ab464533e36194f803441eb419712e0c1487079b73e89956a370654f395cdb23
-
SHA512
28eaf8327704726985062c405875fecd0ed794d953f96547022c708c076e113af09fd5b8b364897e70a0aeacf4d056a7a2232d28527f2db47121ffd2c22b826a
-
SSDEEP
24576:XPvVNUDuoQwa1iuFcfxNfgctGzn51sMJv4NacO+ADaf6/B6Bm85nHFXZLqex9GZr:nTAXzJNfgv91sM94ocEi6/qnlXpOd5F
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-