General
-
Target
1e55248aeae25b8281871f9771133ee30b88b32e8c44f6ce0e3ac1ca0214da9b.exe
-
Size
1.7MB
-
Sample
241123-clz17a1nhk
-
MD5
a6a5206fd22c5bef02eabdf3152414e3
-
SHA1
97cdb21c7343613cb4e7b20291fa50d36682d451
-
SHA256
1e55248aeae25b8281871f9771133ee30b88b32e8c44f6ce0e3ac1ca0214da9b
-
SHA512
2911bc1f5737bab4221e4a51f7269b3a91e0d5ab1135fc2128df08b9f6caff329b91e38e5ae75471f55664f87b46a977654108b2dc17db8078aadd9c0ab7ef47
-
SSDEEP
49152:xKh2xSJVBAPuiOyMdUeIPJHNU5Z1+tMuuUWIW:xKbYPuiOTdUeKJtUf1+PuU
Malware Config
Extracted
stealc
mars
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Targets
-
-
Target
1e55248aeae25b8281871f9771133ee30b88b32e8c44f6ce0e3ac1ca0214da9b.exe
-
Size
1.7MB
-
MD5
a6a5206fd22c5bef02eabdf3152414e3
-
SHA1
97cdb21c7343613cb4e7b20291fa50d36682d451
-
SHA256
1e55248aeae25b8281871f9771133ee30b88b32e8c44f6ce0e3ac1ca0214da9b
-
SHA512
2911bc1f5737bab4221e4a51f7269b3a91e0d5ab1135fc2128df08b9f6caff329b91e38e5ae75471f55664f87b46a977654108b2dc17db8078aadd9c0ab7ef47
-
SSDEEP
49152:xKh2xSJVBAPuiOyMdUeIPJHNU5Z1+tMuuUWIW:xKbYPuiOTdUeKJtUf1+PuU
Score10/10-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-